Children and the GDPR guidance

Date: 17th January 2018
Category: Protection of privacy

Girl - 4

The ICO is seeking comments on draft Children and GDPR guidance to ensure a child's right to privacy is met when their personal data is processed.


The guidance was developed with input from academics, child advocacy services, NGOs, and industry representatives. Once consultation responses are collated a final guidance will be published.

The General Data Protection Regulation (GDPR) will come into force from 25th May 2018 and will introduce new, specific legal responsibilities for organisations processing children's data. However, the ICO recommend that organisations begin working towards compliance now. There are new rules included in the GDPR concerning areas such as automated decision-making, the right to erasure and also around consent. Organisations offering online services to children will need to review their existing processes before May to ensure they meet the relevant requirements.

Both individuals and organisations can respond to the consultation.