Additionally, just over a fifth (22%) said the organisations they represented could comply with the GDPR's provisions, which require them to disclose all personal data collected on individuals within one month of request.
The survey, conducted by security firm Webroot, covered 600 IT decision-makers in the US, the UK and Australia - 200 from Australia - who worked for companies that had between 100 and 499 employees.
It looked at how businesses of this size in the three countries were adjusting to new data security measures in order to meet compliance requirements.
The survey also found that 78% of the Australian decision-makers who were working for companies that were doing business in the EU felt they could comply with rules requiring them to disclose all personal data collected on individuals within one month of request.
But those in the UK were less confident than those in the US or Australia about being able to provide all information on EU citizens; only 18% of UK decision-makers were confident they could provide the information within a month of being asked.
As far as employee training on compliance was concerned, the survey found that there was a big gap between IT staff and other Australian employees.
Ninety-four percent of Australian IT decision-makers were confident their employees were equipped to comply with the GDPR and the Australian data breach law.
But only about a quarter of Australian organisations (24%) had trained IT staff on GDPR compliance while 43% had trained – or were in the process of training - IT staff about regulation and compliance with the Australian law.
Webroot's senior information security analyst Dan Slattery said: "Both our local and global regulatory landscapes are tightening, and we’ll likely see more regulations come our way in the coming years as citizens are looking for more privacy.
"The cyber threat landscape is becoming more complex every day, and hackers are constantly finding new ways to take advantage of the myriad of data created by the growing number of connected devices.
"Data protection and cyber security strategies need to become business priorities, and it is important Australian organisations partner with experts in this domain if they want to keep building trust among their customers and employees, and regulators.”