# Key principles

There are seven general principles set out in [GDPR article 5](https://gdprinfo.eu/en-article-5).

### Lawfulness, fairness, and transparency

Personal data related to a data subject should be processed lawfully, fairly, and in a transparent manner. To achieve this goal, one needs to have a thorough understanding of the GDPR regulations.

### Purpose limitation

Personal data should be collected for a specific, explicit, and legitimate purpose.

### Data minimization

Any personal data collected should be adequate and limited to what’s necessary for the purposes for which it is processed. Following this principle brings two key benefits: 1) potential damage is minimized in the event of a data breach, and 2) the amount of data that needs to be maintained to stay accurate is limited.

### Accuracy

Maintaining the accuracy of personal data is essential to data protection. The GDPR states that “every reasonable step must be taken” to erase or rectify data that is inaccurate or incomplete.

### Storage limitation

Personal data that allows identification of the data subject shall be kept only as long as necessary to fulfill the processing purpose. This will normally be the period of a business relationship.

It’s important to note that such personal data may be stored for longer, provided it is processed only for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes. Check [GDPR article 89](https://gdprinfo.eu/en-article-89) for further details.

### Integrity and confidentiality

Personal data shall be processed in a way that ensures appropriate security (protection against unauthorized or unlawful processing, loss, destruction, or damage of the data), which requires suitable technical and/or organizational measures.

GDPR does not state specific requirements due to the constant evolution of technology and best practices. Current standards involve data encryption and pseudonymization where possible.

### Accountability

The data controller shall be responsible for and be able to demonstrate compliance with the above six principles.

