Let’s jump forward to Europe in 2050. The Internet of Things has transformed household management and the consumer shopping experience. Self-driving cars are the norm, saving countless hours that can be dedicated to work or leisure instead.

Small business is thriving – a combination of in-store and virtual experiences have made it much easier for niche companies to foresee individual customer needs. Distance matters less, as digital technologies connect everyone and everything, and automated production allows people to be elsewhere.

Just imagine how much data is generated in this world of the future, with almost everything we do monitored and recorded in some way. It isn’t hard to see why it is so essential to that the way this data is collected, stored and used is properly regulated.

Already data has surpassed oil to become the world’s most valuable resource, according to The Economist, which points out that five of the world’s most valuable companies now deal in this new black gold.

A new digital market

Recognising this, the European Union has been laying down the groundwork for a European data economy – the Digital Single Market. A new data protection regime, which companies need to implement by May 2018, will ensure that companies can operate across all 27 member states under the same regulations.

At the moment, many companies see this General Data Protection Regulation (GDPR) as just one more bit of red tape to work around. But this view misses the enormous advantages it will bring.

The GDPR means that customers will be able to trust the companies which use their data. With the GDPR, individuals are given the ability to control the use of their information.

An individual’s rights are placed firmly at the centre of this framework, with consent, protection and portability hardwired into the new system. This is the right thing to do, because allowing the data economy to grow and fulfil its potential means giving individuals control and allowing them to share in the benefits resulting from the use of their data.

Data has surpassed oil to become the world’s most valuable resource.

What this means for business is entirely new ways to engage with customers, provided they adopt the correct approach and give customers the control they want. Users will now get to choose where and when their data can be used by companies; companies can ask for more permissions; they can provide incentives to customers for using their data, such as real currency, loyalty points, discounts, store credits, etc. The system will create an entire economy in which the commodity is data.

Fingertip control

This level of customer control is not theoretical. Consumers will be able to make all these choices at the touch of a smartphone screen. The TCS Data Privacy Research team are developing an app which will give users instant control over their personal data to create transparency and trust. In turn, this will give business the ability to engage with their customers, cementing a relationship and creating customer loyalty.

TCS is also helping companies prepare for the new GDPR regulations. When a leading European telecoms organization approached us for support with their GDPR policy, we conducted an organization level assessment and put out a plan for system level assessments, prioritizing which business area to remediate first, second and so on.

Our assessment found that privacy policies at the group level needed to be updated and our assessment of data storage found that they needed to strengthen data leakage and identity and access management solutions.

However, taking a step back we could also see that doing this work would open a range of possibilities that had not been yet been considered. For instance, the organisation will now have greater visibility on personal data within their enterprise and they are already discussing use cases around loyalty and analytics to drive real business value from this knowledge.

The GDPR is a tricky nut to crack, and compliance is not one single problem with a single solution. Our experience tells us that any realistic problem-solver should bring various tools together, using a life-cycle approach to data management, creating new systems for consent management, and all the rest. There are a range of ready-made tools available to make this transition easier – no need to re-invent the wheel where digital systems are concerned.

But the crucial step-change needs to be in mentality. The GDPR is not a new constraint on business nor a tiresome piece of bureaucracy. It is a motorway paved over the maze of complexities and entanglements we face today, heading in the direction of a fairer and more efficient data economy.

The opportunities for European companies lie in finding ways to talk to their customers about privacy and having access to a huge customer base across Europe with unified data regulation. The sooner businesses realise this potential, the sooner they will be able to step up a gear.