On 18 February Nadya Purtova gave an expert talk at a workshop organised by the GOAL project. The talk explored how code can be personal data within the meaning of the GDPR, and how this creates opportunities for regulating code and Automated Decision-Making in particular, but also stretches the scope of the GDPR and exacerbates challenges of the GDPR compliance and enforcement. The talk concluded with some points on the future of regulating automated decision-making.