The General Data Protection Regulation (GDPR) enforcement deadline is nearly here, but marketers aren't feeling too self-assured in their abilities to comply with the new law.

In March, Openprise surveyed 201 US marketing operations professionals and found that they gave themselves poor ratings for GDPR compliance. On a scale of 1 to 5 (with 5 being best-in-class), respondents gave their GDPR skills a 3.10 rating, which was the lowest among the data management tasks they were asked about.

The EU's GDPR becomes enforceable May 25 and states that a user’s data can be used only if that individual gives a company explicit permission. Companies found to be in violation of the GDPR face a fine of €20 million ($22.1 million) or 4% of global revenues (whichever is greater). The high stakes give marketers incentive to get their data under control, but the law's vagueness and uncertainty around how stringently it will be enforced have created an environment where few companies feel prepared for GDPR.

Marketers employed by larger companies were slightly more confident about their GDPR abilities than marketers working for small firms. Respondents whose company had fewer than 500 employees rated their GDPR compliance a 2.97, while those whose company had more than 5,000 employees gave themselves a 3.13 when it came to GDPR compliance.

It makes sense that marketers with larger firms feel more secure about their GDPR position. Complying with GDPR is expensive and small firms are less likely to be able to devote resources to this. Half of the companies in a Forrester Consulting and Evidon survey spent more than $1 million to meet their GDPR requirements.

Still, the range in GDPR confidence between marketers at small firms and those at large firms is a tight one, as hardly anyone surveyed by Openprise was sure that their data is completely compliant. This could become problematic for marketers if they don't get their GDPR approach figured out soon.