Strong privacy safeguards are built into the Consumer Data Right to make sure data is protected. The CDR privacy safeguards set out privacy rights and the strict obligations on businesses collecting and handling data: https://www.oaic.gov.au/consumer-data-right/privacy-obligations

NextGen can handle CDR data as we have been accredited by the Australian Competition and Consumer Commission (ACCC) and must meet strict requirements for:

Obtaining consent

NextGen will only collect data from another business where we have received express consent from your client. Consent can be withdrawn at any time.

Data collection, usage and storage

NextGen will only collect and use data to provide the product or service requested. We will make it clear when we collect data.

If consent is withdrawn, we will stop using your client’s data and delete or, where permitted at law, de-identify any previously collected data, unless an exception applies.

Information security

NextGen meets strict information security requirements. This includes ensuring data is protected from misuse, interference and loss, as well as from unauthorised access, modification or disclosure.

Protecting privacy

CDR data is transferred via a secure online system to protect your clients’ privacy and information.

There are a number of other privacy rights under the Consumer Data Right. For example, as an Accredited Data Recipient, we are prohibited from sending data overseas, unless an exception applies.

You can find out more about CDR privacy rights in this Government fact sheet: https://www.cdr.gov.au/resources/fact-sheets-consumers#goto-privacy