(1) A person is an accredited data recipient , of CDR data, if:
(a) the person is an accredited person; and
(b) the CDR data is held by (or on behalf of) the person; and
(c) the CDR data, or any other CDR data from which it was directly or indirectly derived, either:
(i) was disclosed to the person under the consumer data rules; or
(ii) is covered by subsection (2) for the person; and
(d) the person is neither a data holder, nor a designated gateway, for the first - mentioned CDR data; and
(e) the first - mentioned CDR data is not being held by (or on behalf of) the person as an action service provider for a type of CDR action.
Note: For paragraph (d), the person will be a data holder of that CDR data if subsection 56AJ(4) applies.
(2) This subsection covers CDR data for a person if:
(a) the CDR data is information that relates to a CDR consumer for a CDR action; and
(b) the person is authorised by the consumer data rules to use or disclose that information to prepare or give a valid instruction for the performance of the CDR action on behalf of the CDR consumer.
Note: This CDR data is information that is CDR data because of paragraph 56AI(1)(aa). Paragraph 56BGA(1)(d) ensures the rules can give the authorisation referred to in paragraph (b) of this subsection.