NEW DELHI: Most organisations may not be ready for implementation of EU's General Data Protection Regulation (GDPR) slated to come into effect from May next year, a report by cybersecurity firm Forcepoint today said.

GDPR aims to strengthen and protect the data of individuals within the European Union (EU) and also deals with export of personal data outside the region.

The GDPR framework is to be implemented from May 2018. It mandates that any personal data breach that impacts an EU resident will need to be reported within 72 hours and companies not complying will face fine of up to 20 million Euros or 4 per cent of global turnover, whichever is higher.

"We anticipate changes to data protection in 2018. When the EU GDPR becomes enforceable by law, it will require global organisations that hold the personal data of EU residents to adhere to new requirements around control, processing and protection," Forcepoint said in its report.

It added that the GDPR may be the first regulation to set the bar so high, but other countries will follow the EU in terms of updating their regulations to match this new standard for data protection.

For a country like India, where a number of digital programmes are running, GDPR could play an important role in the debates on data protection and privacy, Forcepoint India Country Director Surendra Singh said.

He added that the introduction of GDPR will also impact Indian IT and BPO industry that counts EU as a major market.

The report said a majority of businesses will be "stunned" by the regulation's impact on their operations as it creates security challenges that cannot be solved solely with technology.

"As the GDPR deadline approaches, most organisations will not be ready prior to the GDPR enforcement date," it added.