Processing Data Belonging to Children

Do you process data belonging to children?

If so do you have adequate systems in place to verify individual ages and gather consent from guardians?

The GDPR contains new provisions intended to enhance the protection of children’s personal data. Where services are offered directly to a child, you must ensure that your privacy notice is written in a clear, plain way that a child will understand.

If you offer online services to children, you may need to obtain consent from a parent or guardian to process the child’s data. 

The GDPR states that, if consent is your basis for processing the child’s personal data, a child under the age of 16 can’t give that consent themselves and instead consent is required from a person holding ‘parental responsibility’ this is as it stands within the UK, however, it does permit member states to provide for a lower age in law, as long as it is not below 13.