Article 29 Working Party guidelines and the case law of the CJEU facilitate a plausible argument that in the near future everything will be or will contain personal data, leading to the application of data protection to everything: technology is rapidly moving towards perfect identifiability of information; datafication and advances in data analytics make everything (contain) information; and in increasingly ‘smart’ environments any information is likely to relate to a person in purpose or effect. At present, the broad notion of personal data is not problematic and even welcome. This will change in future. When the hyperconnected onlife world of data-driven agency arrives, the intensive compliance regime of the General Data Protection Regulation (GDPR) will become ‘the law of everything’, well-meant but impossible to maintain. By then we should abandon the distinction between personal and non-personal data, embrace the principle that all data processing should trigger protection, and understand how this protection can be scalable.