# Key principles

There are seven general principles set out in [GDPR article 5](https://gdprinfo.eu/en-article-5).

### Lawfulness, fairness, and transparency

Personal data related to a data subject should be processed lawfully, fairly, and in a transparent manner. To achieve this goal, one needs to have a thorough understanding of the GDPR regulations.

### Purpose limitation

Personal data should be collected for a specific, explicit, and legitimate purpose.

### Data minimization

Any personal data collected should be adequate and limited to what’s necessary for the purposes for which it is processed. Following this principle brings two key benefits: 1) potential damage is minimized in the event of a data breach, and 2) the amount of data that needs to be maintained to stay accurate is limited.

### Accuracy

Maintaining the accuracy of personal data is essential to data protection. The GDPR states that “every reasonable step must be taken” to erase or rectify data that is inaccurate or incomplete.

### Storage limitation

Personal data that allows identification of the data subject shall be kept only as long as necessary to fulfill the processing purpose. This will normally be the period of a business relationship.

It’s important to note that such personal data may be stored for longer, provided it is processed only for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes. Check [GDPR article 89](https://gdprinfo.eu/en-article-89) for further details.

### Integrity and confidentiality

Personal data shall be processed in a way that ensures appropriate security (protection against unauthorized or unlawful processing, loss, destruction, or damage of the data), which requires suitable technical and/or organizational measures.

GDPR does not state specific requirements due to the constant evolution of technology and best practices. Current standards involve data encryption and pseudonymization where possible.

### Accountability

The data controller shall be responsible for and be able to demonstrate compliance with the above six principles.


