Question
Can you please detail the Data Holder obligations around send notifications to customers when consent is created, withdrawn or expired?
Answer
In terms of informing the CDR consumer about their authorisations, a data holder is required to keep the consumer dashboard updated (Rule 4.27). Information that must be contained on the consumer dashboard includes details of the CDR consumer's authorisations (Rule 1.15)(b).
In addition to the rules, you may also want to consider what the CX Guidelines say about management of authorisations. See, e.g., page 108. But it is important to note that the CX Guidelines contain recommendations that SHOULD be followed, as well as mandatory requirements.
Comments
1 comment
I think this question is referring to the mandatory notifications via email, sms and secure message. The answer appears to be about the dashboard and status within the dashboard.
Please sign in to leave a comment.