And almost three quarters (71%) of firms said they were "somewhat prepared" to meet the GDPR requirements, although perhaps unsurprisingly, given the lack of official guidance from the Information Commissioner's Office, only 6% believe they are fully prepared.
Rather more worrying, is the fact that just 13% said GDPR was regularly considered by their board.
When it comes to the most pressing issue, nearly half (45%) of all UK firms cited the requirement to delete customer data as their biggest concern.
The Department for Digital, Culture, Media & Sport, which carried out the research, praised the work of the ICO saying that it "has produced guidance for organisations on implementing the regulation, including a checklist for businesses on the actions they need to take; and a series of interactive workshops and webinars".
However, the regulator recently confirmed that its guidance on consent would not be published until December, while those looking to use "legitimate interests" to process data will have to wait until the new year for the official line.
In response to growing criticism that companies will have little time to prepare, Information Commissioner Elizabeth Denham said that the ICO's draft guidance on consent - published in March - "would be a good place to start" and added that "it is unlikely that it will change significantly in its final form. So you already have many of the tools you need to prepare".