Consumer Data Right (CDR) Framework (Australia)
Australia's Consumer Data Right (CDR) framework, established under Part IVD of the Competition and Consumer Act 2010, enables consumers to securely share their data with accredited third parties. It was first implemented for the banking sector (Open Banking) and subsequently rolled out for energy (July 2022) and non‑bank lending (2023). Additional sectors such as telecommunications and health are in advanced development. The framework is overseen by the ACCC and continuously updated through CDR rules and data standards.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (4)
CDR: Accreditation
| Code | Title |
|---|---|
| CDR-ACC-1 | Unrestricted Accreditation |
| CDR-ACC-2 | Sponsored Accreditation |
| CDR-ACC-3 | Affiliate Accreditation |
| CDR-ACC-4 | CDR Representative Model |
| CDR-ACC-5 | Trusted Adviser and Insight Disclosure |
| CDR-ACC-6 | Accredited Action Initiator |
CDR: Consent and Authorisation
| Code | Title |
|---|---|
| CDR-CON-1 | Voluntary Consent |
| CDR-CON-2 | Express Consent |
| CDR-CON-3 | Informed Consent |
| CDR-CON-4 | Specific Consent |
| CDR-CON-5 | Time-Limited Consent |
| CDR-CON-6 | Withdrawable Consent and Authorisation |
CDR: Privacy Safeguards (CCA Part IVD Div 5)
| Code | Title |
|---|---|
| CDR-PS-1 | Privacy Safeguard 1: Open and Transparent Management of CDR Data |
| CDR-PS-10 | Privacy Safeguard 10: Notifying of the Disclosure of CDR Data |
| CDR-PS-11 | Privacy Safeguard 11: Quality of CDR Data |
| CDR-PS-12 | Privacy Safeguard 12: Security of CDR Data, and Destruction or De-identification |
| CDR-PS-13 | Privacy Safeguard 13: Correction of CDR Data |
| CDR-PS-2 | Privacy Safeguard 2: Anonymity and Pseudonymity |
| CDR-PS-3 | Privacy Safeguard 3: Seeking to Collect CDR Data from CDR Participants |
| CDR-PS-4 | Privacy Safeguard 4: Dealing with Unsolicited CDR Data |
| CDR-PS-5 | Privacy Safeguard 5: Notifying of the Collection of CDR Data |
| CDR-PS-6 | Privacy Safeguard 6: Use or Disclosure of CDR Data |
| CDR-PS-7 | Privacy Safeguard 7: Use or Disclosure of CDR Data for Direct Marketing |
| CDR-PS-8 | Privacy Safeguard 8: Overseas Disclosure of CDR Data |
| CDR-PS-9 | Privacy Safeguard 9: Adoption or Disclosure of Government Related Identifiers |
CDR: Rules, Security and Oversight
| Code | Title |
|---|---|
| CDR-RULE-BREACH | CDR Data Breach and Notifiable Data Breach |
| CDR-RULE-COMPLAINTS | Complaints and Internal Dispute Resolution |
| CDR-RULE-CONFORMANCE | Conformance Testing (CTS) |
| CDR-RULE-DASHBOARD | Consumer Dashboards and Receipts |
| CDR-RULE-DESIGNATION | Sector Designation and Scope |
| CDR-RULE-OSP | Outsourced Service Provider Arrangements |
| CDR-RULE-OVERSIGHT | Regulator Oversight and Enforcement (ACCC and OAIC) |
| CDR-RULE-SECURITY | Information Security (CDR Rules Schedule 2) |
Your Compliance Coverage
If you comply with Consumer Data Right (CDR) Framework (Australia), you already cover:
Maps to 3 other frameworks
Frequently Asked Questions
What is Consumer Data Right (CDR) Framework (Australia)?
Consumer Data Right (CDR) Framework (Australia) is a compliance framework from Australia with 4 domains and 33 controls. Australia's Consumer Data Right (CDR) framework, established under Part IVD of the Competition and Consumer Act 2010, enables consumers to securely share their data with accredited third parties. It was first implemented for the banking sector (Open Banking) and subsequently rolled out for energy (July 2022) and non‑bank lending (2023). Additional sectors such as telecommunications and health are in advanced development. The framework is overseen by the ACCC and continuously updated through CDR rules and data standards. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does Consumer Data Right (CDR) Framework (Australia) have?
Consumer Data Right (CDR) Framework (Australia) has 33 controls organised across 4 domains. The largest domains are CDR: Privacy Safeguards (CCA Part IVD Div 5) (13 controls), CDR: Rules, Security and Oversight (8 controls), CDR: Accreditation (6 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does Consumer Data Right (CDR) Framework (Australia) map to?
Consumer Data Right (CDR) Framework (Australia) maps to 3 other compliance frameworks. The top mapping partners are GDPR (36% coverage), NIST SP 800-53 Rev 5 (3% coverage), ISO 27001:2022 (3% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with Consumer Data Right (CDR) Framework (Australia) compliance?
Start your Consumer Data Right (CDR) Framework (Australia) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Consumer Data Right (CDR) Framework (Australia) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 33 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 700 frameworks.
Get Started Free →Free forever — no credit card required