TOKYO (Reuters) – Around a quarter of Japanese businesses have made progress on meeting some of the easier requirements under Europe’s new data privacy regulations while about another 20 percent plan to do so, a Reuters poll found.

A man is silhouetted against a commercial building at a business district in Tokyo, Japan March 7, 2018. REUTERS/Kim Kyung-Hoon

But the number of companies who say they are currently equipped to deal with more onerous rules, such as those relating to data breaches and dealing with requests to provide personal data to customers – drops drastically to just a few.

The results of the Reuters Corporate Survey, conducted June 4-15, shows only modest progress by Japanese firms in their efforts to grapple with the new European Union General Data Protection Regulation, or GDPR, which took effect last month.

The rules, designed to protect the online data of European citizens, apply to all businesses that offer goods and services within the bloc, regardless of whether they have incorporated units. Violations can result in fines of up to 4 percent of global revenue or 20 million euros, whichever is higher.

“The rules are really too tough,” wrote one manager at a chemicals firm.

The survey, conducted for Reuters by Nikkei Research, showed that 26 percent of firms have updated data privacy policies to take into account requirements such as the need for clear language and the seeking of affirmative consent, often effectively an opt-in email.

Eight percent said they are working on the issue while another 15 percent say they plan to.

Similar numbers could also be seen in response…