Automated decision-making has come to stay. Is GDPR geared towards protecting the rights of the individual from the negative consequences as decision-making algorithms are adopted on a large scale? I argue that the answer is no.