At the time of this writing, the deadline for compliance with the EU’s General Data Protection Regulation (GDPR) is only nine days away–May 25, 2018. Despite the fast-approaching deadline, only 36% of company leaders believe they’ll be fully compliant by that time, according to a recent IBM report.

This doesn’t mean that these organizations aren’t embracing GDPR–they’re just not able to do it quickly enough. And some are looking to the coming regulation as a catalyst for cleaning house: 60% said they’re using it as a jumping off point for improving privacy, security, and data management, or as a means for creating a new business model.

A separate Harris Poll study, on behalf of IBM, found that only roughly 20% of US consumers trust organizations to maintain their data privacy.

But in IBM’s recent study, 84% of business leaders said they thought proof of GDPR compliance would be a “positive differentiator” to the public.

SEE: Getting ready for the GDPR: An IT leader’s guide (Tech Pro Research)

Additionally, 76% said GDPR will help build trusted relationships and offer new business opportunities, according to the study.

“The onset of GDPR also comes during a time of huge distrust among consumers toward businesses ability to protect their personal data,” Cindy Compert, CTO of data security and privacy for IBM Security, said in the report. “These factors together have created a perfect storm for companies to rethink their approach to data responsibility and begin to restore the trust needed in today’s data-driven economy.”

So, what are companies doing in response to GDPR? According to the report, 80% are cutting the amount of personal data they store, 78% are limiting the number of employees with access to personal data, and 70% are getting rid of unneeded data.

Of course, finding the impacted data and making sure it meets the regulation is the hardest part of GDPR compliance. But some companies are hitting it full-on, with 22% of firms using GDPR “as a fully transformational business opportunity for how they approach data responsibility and management.”

Of that aforementioned 22%, some 93% have altered their incident response plan to meet GDPR requirements, and 79% are prepared to perform data discovery and verify the accuracy of the data they have. Additionally, some 74% have engaged with security by design principles for their newest products and services, the report said.

Building a slide deck, pitch, or presentation? Here are the big takeaways:

  • Only 36% of company leaders believe their organization will be fully compliant with GDPR by its May 25, 2018 deadline. — IBM, 2018
  • In response to GDPR, 80% of firms are cutting down on the amount of personal data they store, and 78% are limiting the number of people with access to that data. — IBM, 2018