Question
Can you please detail the Data Holder obligations around sending notifications to customers when a consent is created, withdrawn or expired?
Answer
A data holder is required to update a CDR consumer’s dashboard as soon as practicable after the information required to be contained on the dashboard changes (see Rule 4.27). Information that must be contained on the consumer dashboard is set out in rule 1.15 and includes details of the CDR consumer's authorisations.
In addition to the rules, you may also want to consider what the CX Guidelines say about management of authorisations. However, it is important to note that the CX Guidelines contain recommendations that MAY be followed, as well as mandatory requirements. Please refer to RC 2119 which gives guidance on how uppercase terms (for example, MAY) should be interpreted.
Comments
1 comment
I think this question is referring to the mandatory notifications via email, sms and secure message. The answer appears to be about the dashboard and status within the dashboard.
Please sign in to leave a comment.