The survey found that 30% of the 869 IoD members questioned had never heard of GDPR, while 40% did not know if their company would be affected.
Of those that said their company would be affected, just 18% said they were very confident how the Regulation would affect the way their business runs.
However, 86% of respondents said they were at least somewhat confident that their business would be fully compliant with the GDPR by the time the new rules begin to apply next year.
Jamie Kerr, head of external affairs at the IoD, called on the UK's Information Commissioner's Office (ICO) to do more to help businesses understand their obligations under the GDPR.
"It is crucial everyone understands just how big this regulatory change will be for business leaders over the next few months," Kerr said. "The regulator has a significant role to play in ensuring that SMEs, as well as larger firms, are fully compliant by May 2018."
"We urge the regulator to step up its engagement with businesses to ensure that they are spreading the message far and wide. In particular, however, it needs to emphasise in simple terms the criteria for compliance, what steps companies will have to take to comply and what the penalties are for not meeting the new standards. As a representative body, we will do our best to work with them to broadcast these messages," he said