Nossa equipe de advogados altamente qualificados está pronta para ajudar em questões de Direito Digital, Empresarial ou Proteção de Dados. Fale Conosco 
Chapter 1 (Art. 1 – 6) Preliminary Provisions
Chapter 2 (Art. 7 – 16) Processing of personal data
Chapter 3 (Art. 17 – 22) Data Subjects’Rights
Chapter 4 (Art. 23 – 30) Rules
Chapter 5 (Art. 33 – 36) International transfer data
Chapter 6 (Art. 37 – 45) Personal data processing agents
Chapter 7 (Art. 46 – 51) Security and good pratices
Chapter 8 (Art. 52 – 54) Monitoring
Chapter 9 (Art. 55 – 59) The national data protection authority ("ANPD") and the nationalcouncil for protection of personal data and privacy
Chapter-10 (Art. 60 – 65) Final and transitional provisions

Art. 13 When carrying out public health studies, research entities may have access to personal databases

Art. 13

When carrying out public health studies, research entities may have access to personal databases, which shall be processed exclusively within the entity and strictly for the purpose of carrying out studies and research. Those databases shall be kept in a controlled and secure environment, in accordance with security practices provided in specific regulation and this includes, whenever possible, anonymization or pseudonymization of the data, as well as taking into account the proper ethical standards related to studies and research.

§1 Disclosure of the results or of any portion of the study or the research, as mentioned in the lead sentence of this article, shall under no circumstances reveal personal data.

§2 The research entity shall be held liable for the security of the information provided in the lead sentence of this article, and it is forbidden, under any circumstances, to transfer the data to a third party.

§3 Access to data as provided in this article shall be the object of regulation by the national authority and of the authorities in the area of health and sanitation, within the scope of their regulatory capacity.

§4 For purposes of this article, pseudonymization is the processing by means of which data can no longer be directly or indirectly associated with an individual, except by using additional information kept separately by the controller in a controlled and secure environment.