Filter by Category

Australia’s CDR: What is it and Why Does it Matter?

What is the CDR in Australia and Why Does It Matter?


What is the CDR Regulation for Australia?

In early May, 2020, the Australian Competition and Consumer Commission (ACCC) and the Office of the Australian Information Commissioner (OAIC) released their Compliance and Enforcement Policy for the Consumer Data Right (CDR), which was announced in November of 2017.

The objective of the CDR is to provide consumers with the ability to efficiently and conveniently access their personal data held by businesses, and to authorise the secure sharing of that data to trusted and accredited third parties. The CDR gives individuals a right to access their 'personal information', and the right of data portability found in the European General Data Protection Right (GDPR).

Related reading: What is GDPR?

Who Must Comply with the CDR and When?

Beginning July 1, 2020, the ACCC is requiring the banking, energy and telecommunications industries to make relevant data available to customers, with a temporary exception granted to the banking industry. The CDR is impacting industries economy-wide, sector-by-sector.

In light of the impacts and challenges of the COVID-19 pandemic, the ACCC has granted a temporary three-month exemption to financial services providers. The CDR regulation for banks and other financial institutions will now begin on Oct. 1, 2020.

Are Safeguards in Place to Protect CDR Data?

Because there is more access to data and more data files being transferred, more safeguards to protect this data is required. Regulators will deploy a range of tools to monitor and access the available information to ensure consumers have their data security and integrity in place. The goal is to prevent breaches of the CDR’s obligation through compliance management and enforcement.

Businesses need to consider how it handles the data collects, including how the data is collected, stored, used or disclosed, and how it will make consumer data available to its customers and their nominated recipients.

Special care of internal systems, processes and compliance will help prevent breaches such as:

  • Repeated refusal to disclose consumer data
  • Misleading or deceptive conduct
  • Data collection without valid consent
  • Intentional use or disclosure of data inconsistent with consumer consent
  • Insufficient security controls to protect CDR data

Related Reading: What are the Secure Messaging Standards in Australia?

How Can CDR Participants Comply with the Regulations?

Businesses under the CDR protocols should consider:

  • Reviewing their policies and processes for privacy and data handling
  • Training staff on their CDR obligations and how to manage the risks involved with handling consumer data
  • Establishing breach notification procedures

One way to ensure files are kept secure both at rest and while in transit is to incorporate a managed file transfer system, like GoAnywhere MFT. This secure, automatic software can protect data by:

  • Controlling access to files and data
  • Encrypting data
  • Establishing the correct security settings when sending and/or receiving highly confidential emails
  • And more

Learn about how managed file transfer can offer organizations the technical security measures needed to comply with the CDR.

Related Posts


Meeting Compliance Regulations and Privacy Laws for Sensitive Data Transfers

Highly sensitive data is frequently exchanged between organizations. For instance, a business will routinely transmit financial information to their bank including payroll direct deposits and ACH…


Meeting GDPR Requirements Using Managed File Transfer

The General Data Protection Regulation (GDPR) is set to replace the Data Protection Directive in the EU on May 25, 2018. At this time, and long afterward, organizations that aren’t found compliant…


7 Benefits of Using MFT for Encrypted File Transfers

7 Benefits of Using MFT for Encrypted File Transfers At minimum, a managed file transfer (MFT) solution is a product that encompasses all aspects of inbound and outbound file transfers while using…


Take Your Data Security One Step Further with MFT

One Step at a Time Finding the right managed file transfer (MFT) solution for your business can be a lengthy, one step at a time process. The StepsMaking the decision to implement MFT in your…


Why Businesses Need MFT

Why Businesses Need MFT Reputations can be built or ruined in a matter of a few keystrokes. Just ask any business victimized by a data breach – either malicious or due to human error. The loss of…