10,714 athletes – that’s a lot of data!

Image from Unsplash

The Olympics and Data Protection

The Paris 2024 Olympics are still underway, a global event that captures the attention of everybody across the world. But while everyone’s eyes are (unsurprisingly) on the astonishingly talented gymnasts, divers, and runners, there is something else also worth thinking about that may not have crossed your mind.

What data protection considerations are there for an event of such magnitude?

Special Category Data

Special category data is a top contender for issues to consider. The amount of special category data that will need to be processed in order to facilitate the Olympics is enormous, and as such, there will be a whole multitude of considerations when processing this data. 

When thinking about the GB Team alone, there are 372 athletes, and all of these will be sharing their health data. In addition to this, athletes undergo random drug screening, which will also come under the umbrella of special category data, or even criminal data in extreme cases. There will therefore be numerous considerations for Team GB and the Association of Summer Olympic International Federations to think about in order to conduct this processing, including:

 

  • Has a Data Protection Impact Assessment (DPIA) been completed for all of the systems used that hold the data?
  • Are there appropriate safeguards in place to facilitate the transfer of the data from Team GB, to the Olympics Association?
  • For special category data, has an Article 9(2)(a) condition been identified, as well as a legal basis, to ensure that the processing is lawful?
  • For criminal offence data, has a Schedule 1 (DPA 2018) condition been identified?
  • What sharing agreements are in place?
  • The purpose of the processing.

 

…and the list goes on.

Image from Unsplash

Transfers of Data for the Olympics

Another issue that will need to be considered is: what mechanism is being employed for the transfer/sharing of such data? In order for Team GB to compete, data will need to be shared, and as such, there will need to be some form of transfer mechanism in place.

 

  • Is there a Data Sharing Agreement in place?
  • Is there an International Data Transfer Agreement in place, or has the International Data Transfers Addendum to the European Commission’s Standard Contractual Clauses been used?
  • Has a Transfer Risk Assessment been conducted?

 

Having something in place is integral for the transfer of personal data, as it outlines what the responsibilities of the parties are. It also outlines whether there are appropriate technical and organisational measures in place to safely facilitate the transfer.

The Olympics’ Third Party Processors

To facilitate the Olympic Games, many third party suppliers/processors will be used. Due to the scale of the event, these third parties will be processing lots of personal data. In order for this to take place, there will need to be some form of contract or Data Processing Agreement to ensure that the processor is processing in line with the controllers’ request, and in line with data protection legislation.

Image from Unsplash

These don’t just apply to the Olympics

The Olympic Games is a huge event that requires lots of forethought and planning, including around data protection. The considerations listed above are not exclusive to the Olympics, nor exhaustive. These will be issues for a wide variety of occasions – including festivals, concerts, and other sporting events.

How DPAS can help

DPAS has previously, and currently, works with events venues, sporting associations, broadcasters, and creative organisations, to help ensure that they have all of the necessary compliance documentation in place to facilitate the smooth running of events, alongside ensuring compliance with relevant UK legislation.

If you have an event coming up and would like some reassurance that you have everything in place, contact us for a chat about how we may be able to help. You can email us at info@dataprivacyadvisory.com or give us a call on 0203 301 3384.

related posts

Jack Penaligon

How to Respond to a Data Breach: A Practical Guide

This blog provides an overview of the practical steps organisations can take to reduce the impact of a data breach once it has been identified. It focuses on the actions that should be taken during the early stages of an incident to contain the breach, protect affected individuals, and meet regulatory requirements.

The article discusses a range of mitigation measures, including contacting unintended recipients of personal data, securing the deletion or recovery of exposed information, isolating compromised systems, and maintaining clear records of actions taken. It also explores the challenges posed by both digital and physical data breaches, highlighting the importance of balancing operational needs with data protection obligations.

Finally, the blog emphasises the value of preparation, explaining how established procedures, communication templates, and predefined response plans can help organisations respond more effectively and demonstrate accountability during a regulatory investigation.

Read More »
Noah de Wild

How to Assess a Data Breach: A Practical Guide

This blog explains how to assess a data breach by identifying its cause, determining what information was exposed, and evaluating the potential impact on affected individuals and the organisation. It outlines common causes of breaches, the importance of understanding the type and scale of compromised data, and how assessing the timeline of an incident can help businesses respond effectively, meet legal obligations, and reduce long-term risks.

Read More »
Noah de Wild

Don’t Panic: A Pragmatic Guide to the June 2026 Enforcement of the Data (Use and Access) Act Changes

With the June 19, 2026 enforcement of the Data (Use and Access) Act approaching, ensuring your business is compliant doesn’t have to be complicated or expensive. In our latest guide, we break down exactly what the new data protection complaint rules mean for you. Cut through the noise and discover our simple, free six-step checklist to update your protocols, designate handlers, and keep your business confidently compliant.

Read More »

Get a Free Consultation