Processing children’s data is a sensitive topic, as they are identified as “vulnerable individuals” who deserve “special protection”. In the case of online services consent should be given by a person with parental responsibilities for the child. The requirement stands for children under the age of 16. Member States may be permitted to lower the age limit, but not less than 13 years old. If you offer services directly to a child, make sure all notices are drafted with their understanding in mind.
To note also, that even though the idea of protecting them is mentioned several times in the GDPR the final text offers few dispositions and any real restrictions will most likely come from national laws or codes of conduct. Most of the requirements regarding children’s data processing, such as parental consent, are only available in the case of online data. Offline data remains subject to the laws of each Member State.