The General Data Protection Regulation (‘GDPR’) was born with the aim to be technologically neutral (Recital 15 GDPR). The upside of this tech neutrality is that it will (hopefully) award a long lifetime to GDPR, regardless of technical innovation. The downside: it makes the accountability principle seem very broad and with practical challenges. But there is light in this space too: operationalising accountability is possible.