With the May 2018 deadline a mere four months away, are organizations ready for the General Data Protection Regulation (GDPR)? According to ESG research, there is still work ahead. Many firms aren’t completely prepared and may have to make incremental technology purchases for GDPR compliance over the next few months. Furthermore, organizations need to button down their incident response plans so they are prepared to report breaches to supervisory authorities within 72 hours as stipulated by GDPR. To address the many GDPR challenges ahead, ESG recommends focusing on areas like data discovery/classification, identity and access management, encryption, and IR planning.