These pages sit alongside our Guide to the GDPR and provide more detailed, practical guidance for UK organisations who are processing children’s personal data under the GDPR. 

This guidance focuses on the additional, child specific considerations. You must also read the Guide to GDPR for the requirements that apply to all data subjects.

When we refer to a child we mean anyone under the age of 18. This is in accordance with the UN Convention on the Rights of the Child which defines a child as everyone under 18 unless, "under the law applicable to the child, majority is attained earlier" (Office of the High Commissioner for Human Rights, 1989). The UK has ratified this convention. 

When we refer to someone with parental responsibility for a child we mean someone who, according to the law in the child’s country of residence, has the legal rights and responsibilities for a child that are normally afforded to parents. This will not always be a child’s ‘natural parents’ and parental responsibility can be held by more than one natural or legal person. 

The GDPR contains provisions intended to enhance the protection of children’s personal data and to ensure that children are addressed in plain clear language that they can understand. Transparency and accountability  are important where children’s data is concerned and this is especially relevant when they are accessing online services. However, in all circumstances you need to carefully consider the level of protection you are giving that data.

This guidance will help you understand the child specific considerations you need to think about when deciding on your lawful basis for processing a child’s personal data. 

It will help you understand what you need to do when you offer an information society service (ISS) to a child and process their personal data on the basis of consent, and what you need to consider if you are thinking about marketing or profiling children.

It also explains what you need to include in your privacy notices, and what rights children have under the GDPR.

For an introduction to the key themes and provisions of the GDPR, you should refer to the Guide to the GDPR. You can navigate back to the Guide at any time using the link at the top of this page. Links to other relevant guidance and sources of further information are also provided throughout.

When downloading this guidance, the corresponding content from the Guide to the GDPR will also be included so you will have all the relevant information on this topic.