About this guide

The Competition and Consumer Act 2010, CDR Rules and Standards impose a range of requirements that data holders, accredited data recipients and other participating entities (for example, outsourced service providers and CDR representatives) must comply with.

The focus of this guide is on the obligations for data holders arising under the CDR Rules and Standards in relation to the Banking sector only.

The Australian Information Commissioner (OAIC) has certain privacy-related regulatory responsibilities under the CDR regime, in particular the enforcement of the Privacy Safeguards under Part IVD of the Act. Some of these safeguards impose obligations upon data holders. Data holders should read this guide alongside guidance issued by the OAIC Guide to privacy for data holders and CDR Privacy Safeguard Guidelines.

This guide is limited to data holder obligations after registration and on-boarding have been completed.

Some data holders may be an accredited data recipient in addition to being a data holder. Accredited data recipient status imposes separate and additional obligations that are not covered in this guide.

This guide is current as at the date of publication. The CDR operates in a dynamic regulatory framework and users of this guide should ensure they refer to the current versions of the CCA, the CDR Rules, Standards and other compliance guidance material referred to throughout this guide.