There's no statutory rule on when children can provide consent
The UK GDPR doesn't define the age at which children can provide consent for their own personal data to be processed. The only exception is biometric data (see below).
The Information Commissioner's Office (ICO) doesn't set an age either, but it does say you need to consider the competence of the child – whether they have the capacity to understand the implications of the collection and processing of their personal data.
If they do have this capacity, they're considered competent to give their own consent, unless it's evident that they're acting against their own best interests.
If you don't consider the child competent, you'll need to seek parental consent, unless it's evident that would be against the best interests of the child.
The Data Protection Act 2018 does say that pupils using online services must be aged 13 or over