In a large retrospective cohort of breast cancer patients, BRCA1 and BRCA2 germline mutations were analysed in DNA isolated from residual paraffin-embedded tissue samples. Because it was not feasible to ask individual for informed consent, a data and DNA coding protocol, based on the Dutch 'Code of Conduct', was developed. The corner stone of the protocol is that a trusted third party, in our case a notary, keeps the coding keys of clinical data and DNA. Because (re)linkage of the combined coded clinical and genotyping data (BRCA1/2) is only possible through the notary's keys, these can be considered to be comparable to anonymised data at the level of the researcher. Issues around retrospective genotyping of allegedly high-risk mutations and the coding procedure itself are discussed. Our protocol is an appropriate solution to safeguard the privacy of patients when using residual tissue or DNA of patients. Importantly, the coding procedure also allows re-linkage of new genotyping data or extended patient follow-up data to the valuable coded dataset.