The GDPR, week #10. The kids are alright, aren't they?
14 Feb 2018
Most organisations that are commercially driven and looking to acquire and develop customers will be focused on adults. So that probably also applies to you, but with some significant variations dependent on the sector you're working in. As far as the GDPR and the Data Protection Bill that's making it's way through Parliament are concerned, no-one under the age of 13 can provide consent (which if you are planning to market to them is your most likely basis for processing their data). And for under 13s their parents or guardians should be responsible for providing consent - with exceptions for specific services like counselling, etc.
www.ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/applications/children/
Even if you have no desire to be promoting your services to children, why not have a quick chat with your data team and ask if their databases, i) have any dates of birth prior to 2005, ii) how often their data matching and profiling suggests that people in your database are children. If either's the case then you should plan to treat them differently and - especially if you are providing services inappropriate to children - consider removing or suppressing their data straightaway.
Please login to comment.
Comments