Under the GDPR, each individual has the right to be given information about how their data is being processed and why. The first step should happen when asking for their consent – here the individual needs to understand all the details regarding the processing. However, they have the right to be informed after they have given consent as well. If they want they should be able to know how their personal data is being used at every step of the way. All information you supply to an individual should be concise, intelligible, easily accessible, free of charge and written in plain language. The last condition is especially important if you are addressing children, the language you use should be understandable to them.
As to what exactly you should be telling the data subject, there are a variety of categories of information. These include the identity and contact details of the controller and if applicable those of the data protection officer; the source the personal data originates from; if there has been any automated decision making, including profiling and how these decisions are made. You should also inform data subjects of any transfers to third countries and the safeguards that exist.