This is the lowest of all the European countries surveyed, including Germany, Austria, France, Sweden, Norway and Switzerland.
A further 20% in the UK said they do not know, suggesting that 41% are in denial about their future obligations relating to the GDPR.
This means that a significant proportion of UK firms have less than a year to comply with strict new regulations around data privacy and security that affect any firm processing EU citizens’ data.
The survey of 1,350 non-IT business decision makers across 11 countries also revealed that just 25% of US respondents believe the GDPR applies to them, while 20% said they do not know. Similarly, only 26% of respondents in Australia believe the new rules apply to them, while 19% said they do not know.
The picture outside of Europe is therefore also a concern, given that the legislation applies to any organisation anywhere in the world holding or collecting data on citizens in Europe and could result in penalties of up to €20m or 4% of annual turnover, whichever is higher.
The most informed respondents were in Germany and Austria, where 53% recognise that the new data protection rules apply to them, and Switzerland, where 58% said the rules apply to them.
“While the GDPR is a European data protection initiative, the impact will be felt right across the world for anyone who collects or retains personally identifiable data from any individual in Europe,” said Garry Sidaway, senior vice-president of security strategy and alliances at NTT Security.
“Our report clearly indicates that a significant number do not yet have it on their radar or are ignoring it. Unfortunately, many organisations see compliance as a costly exercise that delivers little or no value – however, without it, they could find themselves losing business as a result, or paying large regulatory fines,” he said.