General Data Protection Regulation

GDPR Overview

The EU General Data Protection Regulation (GDPR) went into force and COPPA isn’t the toughest rule to deal with anymore. The EU has taken it up a notch causing a good bit of alarm for companies that target or attract minors under the age of 16.

What you need to know

  • Collecting information from any minor under the age of 16 will need parental consent. Individual Member states will be allowed to lower this age, but many of the 28 states are expected to retain the “under 16” age limit.
  • Violations for non-compliance could result in penalties up to 4% of the organizations worldwide revenue or 20 million Euros, whichever is greater.


Age of Consent

The GDPR has set the age of consent at 16, so users 15 years and younger need parent consent where applicable. However, member states can choose a younger age down to 13.

Developers will need to prove that where they gain consent is valid, that it is informed and granular and that they have methods in place to allow parents to exercise their rights in relation to their children. This may require parent dashboards or a parent portal to allow for the management of consent and revocation.

Check out our Age of "Digital" Consent Chart

Need more information?

Contact us