After consultation with more than 70 stakeholders, the French Data Protection Authority (CNIL) has adopted two “reference methodologies” that support data processing for medical research projects. If a data controller strictly complies with either of the methodologies, the registration formalities with the CNIL are simplified as they will have been deemed to have passed the test for self-certification.

Reference methodology MR-001, initially adopted in October 2010, has been completely revised in order to extend its scope. It now concerns research requiring the express or written consent of the patient or his legal representatives. The new MR-003 reference methodology concerns research for which the patient does not object, after being individually informed.