These guidelines provide examples for how to implement business consumer disclosure consents.
Overview
Business consumer disclosure consents enable businesses to consent to accredited data recipients sharing their CDR data with software products or specified persons who are not accredited, like bookkeepers, consultants and other advisers who are not classified as trusted advisers under the current CDR Rules.
In accordance with CDR Rule 1.10A(9)–(14), the accredited data recipient must:
- take reasonable steps to confirm that the consumer is a CDR business consumer;
- invite a consumer to make a business consumer statement, certifying that the consent is given in a business capacity;
- not make the giving of a business consumer disclosure consent, or business consumer statement a condition for supply of the goods or services requested, unless the only service that is requested is for data collected and disclosed to a specified person.
Under CDR Rule 1.10AA(1)(a), CDR representatives cannot deal with consumers in their capacity as a CDR business consumer.
Wireframes and guidelines
Note: The wireframes shown are examples of how to implement key rules, standards, and guidelines. Use the on-screen functions to adjust zoom level or expand the wireframes to be viewed at full screen.
Detached flow
The following wireframes show a basic example of a business consumer disclosure consent. In this example:
- the collection/use consent has already been separately established, allowing a disclosure consent to be requested in a separate consent flow;
- the consumer has selected the specified person during consent.
Bundled CDR Consents
The following wireframes show a basic example of a bundled Collection, Use and Business consumer disclosure consent request by an accredited data recipient. In this example,
- the data recipient is requesting a collection consent, a use consent, and a disclosure consent in a single consent flow;
- the accredited data recipient has pre-selected the specified person.
This pattern could, for example, apply when the CDR consumer has a pre-existing relationship with a non-Accredited Person and the data recipient can reasonably assume that the consumer is engaging their service to disclose their data to this specified person. Data recipients should use their discretion to determine whether a step to select the specified person is required for their service. For example, the selection step may be necessary where the data recipient offers a range persons to whom the consumer can disclose.
Download open source asset
Open source design assets are created in Figma for the purposes of assisting implementation. This Figma file contains annotated wireframes and working prototypes for Business consumer disclosure consents, including:
- Detached flow
- Bundled CDR Consents
Item | File | Date released | Version introduced |
|---|---|---|---|
March 19, 2025 | 1.34.0 |
For past versions, refer to Change log.
About this page
References
The artefacts on this page were informed by the following sources.
Title | Author | Year | URL | Type |
|---|---|---|---|---|
Data Standards Body (DSB) | 2023 | Consultations | ||
Data Standards Body (DSB) | 2023 | Consultations | ||
The Treasury | 2024 | Consultations | ||
Data Standards Body (DSB) | 2024 | Consultations | ||
Data Standards Body (DSB) | 2021 | Research | ||
Australian Competition and Consumer Commission (ACCC) | 2024 | Guidance | ||
Nielsen Norman Group (NNG) | 1994 | Other |
Last updated
This page was updated @March 19, 2025
Have your say
Community consultations and maintenance are part of our ongoing process. Here’s how you can get involved:
- Request new Guidelines or changes to existing Guidelines through the CX Guidelines Consultation process
- Request new Standards or changes to existing Standards through the Standards Maintenance process
- Log a ticket for any questions about the rules, standards, or guidelines through the CDR Support Portal
- Email your feedback to cx@dsb.gov.au
Quick links to CX Guidelines: