One of the biggest differences between Open Banking and older ways of connecting your bank is that consent is time-limited by law. It expires on its own, and you can withdraw it whenever you like. Here's exactly how it works under the Consumer Data Right (CDR).
The maximum is 12 months
When you give consent, you choose how long it lasts, up to a maximum of 12 months under CDR Rule 4.14. There's no indefinite access: at the end of the period, sharing stops automatically. If you want a shorter window, you can pick one on the consent screen.
What happens when consent expires
When a consent reaches its end date:
- Data sharing stops at your bank.
- Any syncs that depend on that consent are disabled.
So that sync doesn't stop unexpectedly, Redbark runs a daily job that sends you an advance notice 90 days before a consent expires, giving you time to renew first.
Withdrawing consent early
You're never locked in. You can withdraw consent at any time, and it takes effect in real time:
- It revokes access at the bank.
- It disables every sync that relied on that consent.
- It queues deletion of the associated connection data and tokens.
CDR Rule 4.16 requires withdrawal to be as easy as giving consent in the first place. You can manage consents through Fiskil's consent dashboard or your Redbark Consents page.
Where to see your consents
Every active consent — its status, the data categories, and its expiry date — is visible in your Redbark account. Because Redbark stores no transaction data, there's nothing left holding your data once a consent ends.
New to Open Banking? Start with how the CDR compares to screen-scraping, or connect one of the banks we support.