These guidelines provide examples for how to implement business consumer disclosure consents.

<aside>

On this page </aside>

Overview

The object statement in CDR rule 4.9 provides a strong foundation for giving and amending CDR consents.

Object statement

A high level example of the potential relationship between the initial collect and use consent between the data recipient and a data holder, and a business consumer disclosure consent.

Business consumer disclosure consents enable businesses to consent to accredited data recipients sharing their CDR data with software products or specified persons who are not accredited, like bookkeepers, consultants and other advisers who are not classified as trusted advisers under the current CDR Rules.

In accordance with CDR Rule 1.10A(9)–(14), the accredited data recipient must:

take reasonable steps to confirm that the consumer is a CDR business consumer;
invite a consumer to make a business consumer statement, certifying that the consent is given in a business capacity;
not make the giving of a business consumer disclosure consent, or business consumer statement a condition for supply of the goods or services requested, unless the only service that is requested is for data collected and disclosed to a specified person.

Under CDR Rule 1.10AA(1)(a), CDR representatives cannot deal with consumers in their capacity as a CDR business consumer.

Wireframes and guidelines

Note: The wireframes shown are examples of how to implement key rules, standards, and guidelines. Use the on-screen functions to adjust zoom level or expand the wireframes to be viewed at full screen.

</aside>

Detached flow

The following wireframes show a basic example of a business consumer disclosure consent. In this example:

the collection/use consent has already been separately established, allowing a disclosure consent to be requested in a separate consent flow;
the consumer has selected the specified person during consent.