Step 2: Identifying impacts on children's rights
-
Due to the Data (Use and Access) Act coming into law on 19 June 2025, this guidance is under review and may be subject to change. The Plans for new and updated guidance page will tell you about which guidance will be updated and when this will happen.
An effective children’s best interests assessment requires a detailed and nuanced understanding of how, why and when your service processes children’s data. You also need to be aware of the service features that shape how children and parents engage with this processing, to ensure you conform with the service design-related standards within the code. An understanding of these two areas lays the groundwork for you to identify how your service can risk, or support, children’s rights and best interests.
Mapping and describing your data processing is an integral and established part of the Data Protection Impact Assessment (DPIA) process. The code DPIA standard sets out questions and activities to consider for this mapping, and describing the nature, scope, context and purpose of the processing. Considering your journey map at this stage will later help you with your DPIA.
To give you further support to identify the features of your service that are relevant to the code, we’ve created data privacy moments maps.
The following section outlines examples of how common uses of children’s data can impact on their specific rights.