Almost one in five Irish SMEs has yet to put a plan in place ahead of the European General Data Protection Regulation (GDPR) coming into effect in May.
Nearly 90pc of firms surveyed said they were aware of GDPR, a set of regulations to strengthen and unify data protection for all individuals within the EU, according to the results of a survey from the Small Firms Association.
No company surveyed described itself as 'GDPR-ready'.
The survey also showed that 39pc of respondents have made some preparations for GDPR and 45pc have started to prepare, while the rest said they had no plan in place.
Many SMEs also said they were "overwhelmed" by GDPR with most concerns linked to issues like employee records, IT, marketing and outsourcing.
"Small businesses know that GDPR is coming, with 89pc either very aware or having some awareness of the changes that will take effect on May 25, 2018," said Sven Spollen-Behrens, SFA Director.
"With the 'go live' date less than three months away, we have seen a spike in activity among members as they get ready to comply with the new data protection regulations.
"Still, it is worrying that almost one in five small businesses do not yet have a plan in place in relation to GDPR," he added. The GDPR increases the scope and nature of administrative costs for failure to comply with the rules with organisations and businesses potentially subject to fines of €20m or 4pc of turnover, whichever is the greater figure, for serious breaches.
The annual DataSec conference takes place on April 9 next at the RDS in Dublin.
An Independent News & Media event, it will focus on the challenges that GDPR brings for businesses and organisations from data storage and protection to legal implications and issues of consent.