The time for talking is nearly over.

After countless headlines and column inches during 2017, two major pieces of legislation affecting personal data will finally come into force during 2018. In January, implementation of PSD2 starts and the Open Banking Initiative opens up current account information to regulated third parties. Then, in May, implementation of GDPR begins. So what will the actual impact of these changes be when they finally come into force?

There’s no doubt that these are significant events which will have a major effect on the way that businesses use data, as well as how consumers see their data being managed. We’ve become used to the fact that the largest companies in the world covet our data. We might not know exactly what they do with it but we infer that their love of it has something to do with making us more profitable to them.

As someone who has already had their personal data stolen twice before, I know what damage it can have and I believe people will become more aware of and interested in controlling their personal data in the future.

But rather than these regulatory changes having the most effect, I believe a technology revolution that has seen less of the spotlight will have the biggest impact.

The immediate impact of regulation

By this time next year, I’m sure we’ll look back and say that 2018 was the year when people started to become more aware of owning their personal data. However, I do not think that this change will be as dramatic as it could be. It will be more of a ripple than a revolution.

That’s because, while there has been a lot of focus on regulation up to now, it has mostly been backstage manoeuvres. Compliance and legal teams have been working furiously to ensure that they are as prepared as possible. With the new paradigm not yet a reality on the ground, these teams are left making changes based on the hypothetical situation of being asked to explain their actions to the FCA, ICO or CMA. Until a business actually has to defend itself in a real case, this is all they have to go on.

For individuals, the impact will be even less noticeable. After all, the banks will still own and control their data and their awareness of that fact is unlikely to change if it hasn’t already. These regulations are hugely important to the market and the individuals whose jobs revolve around them but I very much doubt that the average man or woman on the street has any knowledge of acronyms like PSD2 and GDPR, or the effect they will have.

Throughout 2018, people will start to notice some changes. With the regulations in place, they’ll be asked to consent to ‘merchants’ like Amazon making payments for them, rather than being redirecting to Paypal or Visa. They might find new apps are offering them better rates on the financial products they use, but only if they consent to their data being used in the process of switching. They may even take the opportunity to be ‘erased’ from the records of companies they don’t want to be linked to anymore.

But these will be subtle changes made over time and won’t compare to the revolutionary change that is coming down the line.

Technology will bring real change

In the not too distant future, the whole approach to personal data will have changed beyond recognition. Powered by the blockchain, individuals will take full control of their personal data and their digital identities, using them to interact with the services they want, without the need for a centralized authority such as a bank or credit rating agency.

In fact, the process will become so streamlined that all document certification will become automated, with service providers paying trusted third parties for attestation services, while individuals will be able to securely share the information they choose. The security of the system will come from the distributed nature of the blockchain and the cryptographic consensus that is at its heart.

Individuals will finally be able to control their personal data, being their own credit database, and use this information to interact with other individuals or microservices without the need for a central authority. This empowerment brought about by technological advances will have a much greater effect on personal data than any regulation could.

About the Author: Jed Grant, is the founder and CEO of Peer Mountain, a distributed system of trust that gives individuals secure ownership of their data. He also founded KYC3, a risk management provider using machine learning on big data to deliver custom compliance and business intelligence solutions.