5CM1.03.04
04
It is at the data holder's discretion to determine the actual process of providing a dashboard to an offline customer for the purposes per Schedule 4, Rule 2.3(2). These guidelines demonstrate one possible approach, where the data holder relies on existing authentication credentials and channels successfully used by the offline customer, along with an access code that is unique to the consumer for greater security. In this example, the offline consumer could be provided with a standalone dashboard without needing to register for an online account. A data holder could offer or activate online account registration as part of this process. A data holder could also require registration for an online account for dashboard access where, for example, the dashboard is only available through an existing online portal or mobile app. A data holder may choose to make the dashboard accessible via an online account or another mechanism. The actual implementation of dashboards for offline customers is at the data holder's discretion and may be contingent on a number of factors, including the data holder's security posture.
CDR Rule 2.3(2) (Schedule 4) | CDR Support Portal: Offline Customer Guidance
Consent Management (Data holder): Authorisations
17 May 2022