The principle of "personal data" (Art. 4 (1) GDPR) is almost 40 years old. It is the blanket, sole and undifferentiated connecting factor for the observance of (data protection) legal obligations. This is no longer appropriate for the regulation of a digital world:

On the one hand, given the pervasiveness of everyday life with personal processing operations, it is too far. It is over-regulation to require a legal basis for each of the ubiquitous background processing operations (possibly combined with the obligation to obtain consent), to have to fulfil extensive transparency and accountability obligations, and to demand the observance of all possible data subjects' rights.

On the other hand, the connecting factor of the reference to persons also falls short, since anonymous databases and the knowledge gained from them can also affect the individual. 

Adjustments are therefore necessary in both directions.

(after: Roland Steidle, Digitalisierung und Personenbezug - Thesen zur Weiterentwicklung des Datenschutzrechts in einer digitalen Welt, in: Anja Hentschel / Gerrit Hornung / Silke Jandt (eds.), Mensch - Technik - Umwelt: Verantwortung für eine sozialverträgliche Zukunft, Festschrift für Alexander Roßnagel zum 70. Geburtstag, pp. 267-287)