Children's Data may be hiding in your systems
You may not realise it, but you may be hiding data on children somewhere in your organisation. And, if you are preparing for GDPR (and we hope you are), you need to seek it – fast.
Coming, ready or not.
Child protection has been strengthened in the GDPR with new provisions put in force. Under the new regulations, privacy notices will have to be written in a clear, simple way that is easily understood by children and in the case of online services you may need to get the consent of a parent or guardian to process the child’s data – as any child under 16 cannot give consent themselves. The new UK Data Protection Bill published in September currently going through Parliament), lowers that age to 13 however.
So to avoid a data protection breach and suffer the subsequent punishing GDPR financial penalties it is essential that you search all possible locations for children’s data to be sure you are compliant.
One possible hidey-hole that’s worth a peek is your HR department. The company may have had young work experience students coming in for the odd week here and there, whose presence would have been registered for insurance purposes. They may be working themselves now, but their data might still remain on your systems long after the event. Or you may find that as part of an employee benefit scheme the details of dependents were logged, which might naturally include children under the age of consent. This is something we learnt from our own personal experience at Agile Solutions.
You can download our useful guide which will help you plan for and hopefully lessen the GDPR impact on your organisation.
Just remember to ask yourselves before the GDPR deadline arrives in May 2018, “Do we hold any childrens' data that is non compliant?”. Not to do so could prove very costly.