Recent legislation, especially the new European General Data Protection Regulation (GDPR), have attempted to significantly strengthen the standing of individuals in a digitised world. While some see such regulation as a heavy burden, others embrace the modern implementation of key principles and the increased control they give to individuals, and going further other see the regulation as a spur to a new larger economy where personal data is respected. Where regulation meets business imperatives, a tension is created. This track will explore those tensions from competing perspectives. It reviews the GDPR as a force to fundamentally reshape the empowerment equation between service providers and consumers, and identifies innovation in person-centric service technology and disruptive business models, making the GDPR a competitive asset for some and a competitive threat to others. We review state of the art legal & commercial questions relating to privacy as a business asset and identify constructive human-centric ways to interpret regulatory implementation.