Big Data has been discussed in the Data Protection Law community for several years now. However, the big questions still remain. In this paper, we discuss some of these questions. We strongly belief that data protection is not an end in itself but a catalyst to achieve more fundamental aims. Therefore, we will start from a fundamental (and fundamental rights) perspective, asking what the protective purpose of Data Protection Law actually is and what that means for Big Data. We will then delve into the new legislative acts of EU Data Protection Law, the General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and the Police and Criminal Justice Authorities Directive (Directive (EU) 2016/680) to analyse their implications on the use of Big Data. A key point here is the principle of purpose limitation and the new rules on further processing for compatible purposes (Art. 5(1)(b) and Art. 6(4) GDPR). Another important issue is profiling and automated decision making for law enforcement, criminal justice and other purposes based on Big Data. Here, not only legal aspects but also the implications of factual psychological mechanisms have to be considered, such as an over-confident belief in the results calculated by software systems (“machines”). It must also be considered whether results, with both negative and positive consequences for a suspect, are taken up (principle of material truth). Finally, we ask, whether and how the problems we described can be resolved. In our view, Privacy by Design will play a major role. Based on our experience both in research projects and commercial projects we show some practical examples.