Skip To Content

Data holder solution

Simplify data holder

Expert guidance and peace of mind as we manage your data holder obligations. Partner with a single provider for a comprehensive CDR solution.

Used by organisations including

What is a data holder?

Data Holders sit within the CDR ecosystem which is legislated by the Australian Government. They are entities that hold consumer data and are authorised to provide access to that data to other parties, known as Accredited Data Recipients, based on a consumers explicit consent.

Learn more

What are the requirements for data holders?

Security & privacy

Data holders must implement robust security measures to protect the consumer data they hold. This includes encryption, access controls, and regular security assessments. Privacy considerations are also crucial, and data holders need to ensure that consumer data is used only as intended and in compliance with relevant privacy laws.


Data Holders need to implement technical standards and protocols that allow for secure and standardised data sharing between different entities within the CDR ecosystem. This ensures that the process is seamless and consistent for consumers and Accredited Data Recipients.

Consumer Consent

Before sharing consumer data with Accredited Data Recipients, Data Holders must obtain explicit and informed consent from the consumer. Consent should be granular, allowing consumers to specify which data they want to share and for what purposes.


Data Holders must be authorised by the Australian Competition and Consumer Commission (ACCC) to operate under the CDR framework. This involves meeting specific criteria related to data security, privacy, and technical capabilities.

Data Sharing

Data Holders are required to allow consumers to access their own data and share it with authorised third parties if the consumer gives explicit consent. This enables consumers to use their data to compare products and services, make informed decisions.

Data Accuracy
& Integrity

Data Holders are responsible for maintaining accurate and up-to-date consumer data. Consumers should be able to trust that the data being shared is correct.

& Reporting

Data Holders are subject to ongoing regulatory oversight. They must report on their compliance with CDR rules and respond to any inquiries from the ACCC or other relevant authorities.

Complexity made simple

As part of the Cuscal group, our data holder solution is crafted to simplify the complexities of CDR compliance, providing a robust framework for secure data management and sharing.

We have you covered

All you need to do is build to the provided API specs

While we manage:

CDR authorisation, accreditation and compliance

& Ongoing
reporting to
the ACCC

Data sharing & Interoperability governance

Consent management

Security &
privacy compliance assessments