To join the Consumer Data Right ecosystem, a participant should not only build their Consumer Data Right solution and follow the ACCC Consumer Data Right activation process but also consider the various internal readiness activities that ensure a smooth go-live.
These activities will differ from participant to participant but may include reporting considerations, updating of standard operating procedures, policy design, staff training plans and process updates.
It is important to commence compiling a list of business readiness activities upfront and early on in a participant’s activation journey. Participants need to allow sufficient time for the allocation of appropriate resources and capabilities and to ensure that appropriate design considerations have been made to the solution build to match the participant’s internal way of working.
A list of topics is provided below for participants to consider as part of their business readiness planning. This list is not definitive or exhaustive and is subject to the participant’s own ways of working.
- Consumer Data Right policy – All Consumer Data Right entities must maintain a clearly written, up-to-date Consumer Data Right policy. A Consumer Data Right policy is a document that provides information to consumers about how Consumer Data Right data is managed and how they can make an inquiry or make a complaint. The resources below provide more guidance on Consumer Data Right policy development:
Privacy Safeguard Guidelines - Chapter 1
Guide to developing a CDR policy
Guide to privacy for data holders
- Process changes – The introduction of the Consumer Data Right may impact the way current processes are executed or require new processes to be established. A process impact analysis is one way to determine the level of change to be planned for.
- Standard operating procedures – For new or revised processes, standard operating procedures (SOPs) may require updating.
- Risk & Control Matrix – The introduction of new technology and process changes may prompt a revision to your Risk & Control Matrix (RACM).
- Business Continuity Plan – The introduction of new technology may prompt a revision of the Business Continuity Plan (BCP).
- Reporting – Depending on a participant’s use of the Consumer Data Right, this may introduce additional internal reporting requirements. Consideration should be given to ensuring how to meet the requirement of Consumer Data Right complaints reporting.
- Complaints handling process – As a requirement of the Consumer Data Right policy, participants are required to outline their complaints handling process and report on Consumer Data Rights complaints. To cater to the reporting requirements, participants may need to consider additional or different reporting classifications and training of staff who will manage complaints.
- Awareness – As Consumer Data Right is a relatively recent program, participants should consider raising internal awareness of the Consumer Data Right and the role they play in the ecosystem across their organisation.
- Training – Typically driven by role changes, training will support the business adoption and successful go-live in the Consumer Data Right ecosystem. Training scope, strategy, plan, content and delivery are all considerations.
- Customers – The introduction of the Consumer Data Right is likely to impact customer transactions and interactions with the participant. Supporting customers as they navigate and adopt the Consumer Data Right offering is an important consideration.
- Ancillary systems – Analysis of the impact to ancillary systems should be explored to understand if any updates, upgrades, integrations or functionality improvements, etc. are required.
- Technology landscape and architecture – Understand how the Consumer Data Right impacts the technology landscape and the architecture of the business.
- Technical / Technology support – With the introduction of a new technology, ongoing technical support of that technology should be explored as well as the technical collaboration with other participants in the ecosystem if technical issues arise.