Kids and the new general data protection regulation (GDPR)

07 July 2017

One of the changes in the new general data protection regulation is that the protection of kids personal data is a lot stronger than the previous regulation. Which can have huge consequences for your association.

Who will have the toughest time when GDPR, the general data protection regulation is enforced on May 25'th 2018

Large multinational companies, banks, IT vendors? Oh yes, they all will have their hands full when GDPR is enforced.

But someone that also needs to be on their toes are the local scouts club.

Higher requirements for parental consent

EU's new regulation for processing of personal data will strengthen the protection of children below the age of 16. Amongst other things there will be tougher demands to prove that you have the lawful basis for processing data about the kid. If you are offering an online service (think message board, club website with login) you will also have to have the guardians consent to process the child's personal data.

If your organisation in one way or another store, process or use personal information about children, you need to be extra vigilant with your routines.

Organisations that are likely to be affected are for example:

  • Sports Clubs (Football, grassroots, hockey teams, riding clubs and more.)
  • Schools and pre-schools
  • Scouts and other associations with members below the age of 16.

Focus on social media

A strong focus in GDPR is on giving kids stronger rights when it comes to internet services such as social media networks.

So if you association has any type of web based games, a community site, team website or similar you need to be vigilant to follow the tougher requirements in GDPR to avoid fines up to €20 millions.

Inform so that kids understand

You need to make sure to have proper routines to process personal information in the future, but it's a great idea to also create or update information that you give to your members when you collect the data. In GDPR it is the law to inform your members how you will use, their data in a clear and simple language that children can understand when you ask members for their personal data.

The age for kids can be lower, 13 years old

The default in GDPR is that everyone below the age of 16 is considered a child, but each member state can choose to lower the age to as low as 13 years. To be extra vigilant and protect the personal integrity you should keep the age limit at 16.

Konsento makes it easy for you to comply with GDPR.

if you want to be on the safe side when processing information about children you should be using Konsento.

Konsento helps your sports club, non-profit, ngo or other association to store and manage children's personal information in a safe way in line with the tougher GDPR requirements. Read more: Konsento - this is how it works.

Get Started Today!

Ensure and manage GDPR compliance - the easy way

Email us at