In 13 February 2019, the Federal Government officially passed Consumer Data Right (CDR) into law in Australia, and it was officially launched on 1 July 2020.

CDR – sometimes called open banking – aims to provide Australians with more control over how their data is used and disclosed. It will improve consumers’ ability to compare and switch between products and services, encourage competition between service providers, drive the development of more innovative products and services, and reduce prices.

CDR in Australia is intended to create market competition and drive new product innovation for consumers. At the core of the CDR and the open banking program is a more robust, secure and private way for entities to share data about consumers and their accounts. This will have an impact on all sectors – the first directly affected by CDR is Financial Services through Open Banking, with Utilities and Telecommunications likely to follow soon after.

Becoming an Accredited Data Recipient for CDR in Australia – helping our clients

Entities wishing to gain access to consumer data under the CDR will need to become an Accredited Data Recipient (ADR) as detailed in the CDR Accreditation Guidelines.

Our team helps clients become accredited.

This process of accreditation ensures only entities that have appropriate processes and controls in place to protect consumer data are given access. To achieve ADR status, entities will need to undergo an independent audit of processes and controls under the ASAE3150 standard as part of the accreditation application.

While the audit scope will be defined by the systems, processes and controls of the individual entity seeking accreditation, the ACCC has provided guidance that includes the following requirements of what is expected:

  • have processes in place to limit the risk of inappropriate or unauthorised access
  • take steps to secure their network and systems
  • securely manage information assets over their lifecycle
  • implement a formal vulnerability management program to identify, track and remediate vulnerabilities in a timely manner
  • take steps to limit prevent, detect and remove malware
  • implement a formal information security training and awareness program for all personnel interacting with CDR data.

What is CDR in Australia?

CDR provides Australian consumers with more control over how their data is used and disclosed and their privacy. It will improve consumers’ ability to compare and switch between products and services, encourage competition between service providers, drive the development of more innovative products and services, and reduce prices. Entities wishing to gain access to consumer data under the CDR must become an Accredited Data Recipient.

Benefits to impacted industry sectors

  • Decreased barriers to entry
  • More secure method of data sharing
  • Increased collaboration between incumbents and the start-up community
  • Opportunity to build trust and confidence with consumers
  • Opportunity to increase the quality of products to solve consumer pain-points in the market

Benefits to consumers

  • Innovative new products
  • Increased transparency around information sharing
  • Increased control via explicit consent model
  • More confidence due to security and privacy oversight
  • Better ability to compare products
  • More competition
  • Lower costs

Entities wishing to gain access to consumer data under the CDR will need to become an Accredited Data Recipient (ADR) as detailed in the CDR Accreditation Guidelines.  Get in touch with our team for help with your accreditation.

Matthew Green
Partner
Matthew Green
Daniel Farthing
Partner
Daniel Farthing

Get in touch

Grant Thornton Australia collects your personal information so we can send you communications including invitations to future events, industry insights and other relevant communications. You can opt-out of receiving these communications at any time via our preference centre. Privacy Policy.