Measure twice, cut once: due diligence when choosing a CDR provider


Any savvy business executive (or the technical teams who support them) will tell you that choosing the wrong service provider can cause a lot of long-term pain. You could get locked into an expensive contract or have to commit extra resources to prop up an under-performing partnership. 

Then if you finally decide that you need a new provider, you’ll have to account for the cost of transferring: a hit to your bottom line and – often more crucial – change management fatigue within your team. 

So when it comes to choosing the right CDR tech provider for your business, how can you avoid signing the wrong contract?

Consumer Data Right (CDR) has ushered in some complicated new legislation. So it’s crucial to understand how your own unique business needs compare against the product offering of a CDR provider. 

To ensure your business needs will be met, it’s necessary to complete a full assessment of a CDR provider when deciding to engage their services. To help get you started, we’ve put together a list of essential questions.

Assessment questions for choosing your CDR provider:

  1. How many customers do you have as a CDR intermediary with ‘active’ status?

    A long list of clients can look like an impressive portfolio, there’s a big difference between ‘accredited’ and ‘active’ clients. If you really want to leverage CDR data, you need a provider with a proven track record of securing ‘active’ status for their clients. More detail on that in question 3.

    You’ll also want to determine what solutions are being offered to their many clients. Many service providers are using non-CDR solutions like screen-scraping. Be sure your provider is using verified Data Recipient software.

  2. What access models do you support?

    Maybe you only want to leverage CDR data insights. Or perhaps you want to be a CDR Representative instead of going through your own CDR Accreditation. If your organisation wants to be a more significant contributor to the CDR ecosystem, CDR Representative is a powerful option. Some businesses need full unrestricted access and are ready to start the journey to becoming an ‘Accredited Data Recipient’.

    Each access model comes with its own unique benefits and specified regulatory requirements. But many CDR providers only service one or two access models and could try to shoe-horn you into an unsuitable solution.

    To make sure you’re building the right CDR access model for your organisation, find a provider who can both identify and deliver the right model for your business’ needs.

    *Still getting your head around the various access models? We’ve made it super simple with our blog explaining the latest ways to access CDR.

  3. Describe your operational support, technical processes and timelines for transitioning a client from CDR accreditation to ‘Active’ status?

    First off, if you don’t yet understand ‘accredited’ vs ‘active’ statuses, you’ll want to read our blog explaining the difference between the two CDR milestones.

    While accreditation is an important milestone, it doesn’t provide any actual functionality or access to data in the CDR ecosystem. The journey from accredited to active is complex, and many businesses are misguided about what’s involved in attaining active status.

    To be confident your CDR provider can get you there:

    1. Ask them to articulate the technical process they’ve used to achieve active status for their clients, and the support they provided along the way.
    2. Ask them to explain the program of work and how much of it will sit with their team and your team, both initially and ongoing.
    3. Make sure you have a clear understanding of what your business will have to build independently.
    4. Ask for real examples of how long it has taken for their other clients.
    5. Ask what success they have had with the Conformance Test Suite (CTS)? Do they have any processes to streamline this stage of activation?
    6. Always establish a committed timeframe!
  4. In the end-to-end consumer journey, what mechanisms for consent does your platform include/exclude?

    Suppose you’re looking to achieve CDR Representative or Accredited Data Recipient status. You’ll want to make sure the platform you choose can capture every element of consent set out in the CDR and also keep up with the constantly changing customer experience guidelines.

    Many CDR providers simply aren’t ready to deliver a comprehensive consent dashboard. To get a sense of a provider’s capability, look for the following in their consent dashboard:

    1. Do they offer a white-labelled option? What if you want to build your own consent dashboard? If you’re choosing the white-labelled option, find out what you’ll be able to configure, including: the font, logo, colour scheme, use case, data clusters and configuration of questions that relate (or don’t relate) to your business’ proposition.
    2. Does it include the full suite of consent functionality, including: granting, managing, viewing, extending, expiring and withdrawing consent?
    3. Do they offer de-identification or de-personalisation?
      Some providers are selling de-personalised data as de-identified data, but they’re absolutely not the same. De-personalised is far less robust and doesn’t comply with the highest standards of data management. Current legislation accommodates this loophole, but that won’t always be the case. Choosing a platform that offers de-identification now will save you a headache in the future.
    4. Is their platform delivered to meet the accessibility standards set out in the CDR regulations? How have they measured this?
      As with any government-regulated technology, the consumer-facing element of the CDR platform needs to meet the legislated accessibility standards. Whether you choose to build your own or use a white-labelled dashboard, make sure it meets Level A of the web content accessibility guidelines version 2.0 (WCAG 2.0).

  5. How many data sources do you have connected now? When my business wants to add new data sources – from a new bank, telco or other industry – how will you make that happen, and how long will it take?

    What you’re looking for here is sophisticated technology that will keep up with your evolving business needs. Many providers can only connect new data sources through a manual process – likely passing on the cost of manual effort to their clients and slowing their ability to deliver a new use case.
    If you’re an agile business in need of responsive technology, you’ll want a provider with automated registration and connectivity of new data sources. This will keep your organisation in the driver’s seat of data management. 

Finding the right CDR provider is more than just a platform subscription – it’s a long-term partnership. The foundations of the relationship often define the success of a partnership. 

When it all comes down to it, the best provider is a partner who lives and breathes CDR. That kind of focus ensures your business can benefit from expert guidance now and long into the future. So do your due diligence. Find the right provider. And move into CDR with confidence. 

We love talking about CDR at Adatree. Please reach out to our team if you’d like to speak to us about any of the above requirements. 

If you’re still getting your head around CDR, check out our Practical Guide to CDR Accreditation.

Ready for a demo? Book one today!