GDPR 8. Children


Horsham, UK



+44 1403 801 001


GDPR 8. Children

October 30, 2017

Children are given special protection under GDPR, especially in social media or commercial services.


You should check if you need to implement age validation in place to verify individual's age, as you might need to obtain parental or guardian consent to process children's personal data.


GDPR defines the age at which children can give consent on their own without involving a parent or guardian at 16 (it's 13 in the UK). If the child is under this age, you need to obtain parental or guardian consent.


This could be a very important issue for your organisation if you process children's data by offering online services. Consent must be verifiable, and the privacy notice needs to be written in a language appropriate for the audience it is intended for.


All the above is of course relevant if the lawful basis under which you process children's data is consent. For other alternatives you should consider if the child can understand and consent for themselves.


This is referred to as the Gillick competency test, or alternatively, the Fraser Guidelines, which refer to a 1982 English court case where a mother took the West Norfolk and Wisbech Area Health Authority to court to attempt doctors to stop giving sexual advice to a child under 16.


It is important to keep in mind that you need to strike a balance between children's rights with your responsibilities to keep children safe from harm. 


If you have any doubts regarding these issues, it is always a good idea to get advice from the ICO. They will be able to tell you either way if you should seek parental consent for the activity you want to offer.


GDPR is coming into force on 25th May 2018


< 7. Consent      9. Data Breaches >


Please reload

Recent Posts

Please reload


Please reload


Please reload