With the recent entry into force of the General Data Protection Regulation (GDPR), Inserm has appointed Frédérique Lesaulnier as its Data Protection Officer (DPO). Reporting directly to senior management, her mission is to strategically manage the institute's personal data protection policy.
European regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data - or General Data Protection Regulation (GDPR) - came into force today in all European Union (EU) Member States. Its objective? Harmonize the legal framework for data protection within the EU and uphold the European data protection model in the face of globalization, both as a factor of democracy and a competitive advantage.
While the principles of the French Data Protection Act remain unchanged, the EU text modifies the approach taken to the protection of personal data. Whereas up until now it had involved preliminary administrative formalities (declarations, authorizations), that set out in the GDPR involves the compliance and responsibility of the stakeholders. The stakeholders must be able to demonstrate, at any time, that they respect the principles of personal data protection as defined by this new regulation.
Data and its protection: a key issue for Inserm
One major new obligation is to designate a Data Protection Officer (DPO) responsible for overseeing GDPR compliance. For Inserm, this role is fulfilled by Frédérique Lesaulnier. Holder of a doctorate in law and a specialist in information systems and health data protection, Lesaulnier spent ten years with French data protection authority CNIL before joining Inserm in 2014.
Personal data is a key issue for Inserm. Data constitutes a basic research material for scientists and its processing occupies a central place in the strategic plan of the institute. This data – which represents the potential to contribute to individual and collective health and is a powerful lever of scientific innovation – must be used with the utmost rigor, expertise and critical thinking, in the scrupulous respect of ethics and personal privacy. That is why Inserm is deploying a personal data protection policy based on trust in its researchers and the desire for universal adherence and accountability.
Therefore, as DPO, Lesaulnier will oversee the plan for ensuring the institute's compliance with the legal data protection framework. This will involve training and raising awareness, working with the research communities to help devise and promote methodological, legal and technical solutions which are approved by the CNIL, which are appropriate to the specific nature of biomedical and health research, and which will help accompany researchers in their use of health data, for the benefit of population health and in respect of personal data confidentiality and ethical and regulatory considerations.
To contact the Inserm data protection officer
101, rue de Tolbiac - 75654 Paris Cedex 13