US companies are largely clueless about the EU's incoming data protection measures, says technology writer Niall Kitson.

As we head into the last month of GDPR preparations, it is interesting to see how US companies are preparing. Based on Mark Zuckerberg's performance in front of Congress earlier this month we know there is broad agreement among informed law makers that GDPR is a necessary development and perhaps one worth emulating. 

Zuckerberg himself - in calling for some form of regulatory oversight - came out in broad agreement with its principles, if not the execution. 

While the tech giants figure out what they can still get away with the good news for consumers is we are seeing movement on policies and features that will protect us from ourselves. 

Facebook-owned WhatsApp has raised the age where users can sign up for accounts from 13 to 16. Don't get too excited, Facebook itself is moving the data it holds on all its users out of Ireland and back to the US - removing a headache for the Office of the Data Protection Commissioner and creating one for the EU.

Google, too, is showing off a range of Gsuite tools for consumers and businesses like expiring messages that should limit the amount of data held on its servers - if not on the people you have e-mailed. 

But how about the smaller businesses looking to operate in the EU? According to a survey released by the Computing Technology Industry Association this week, US businesses have, at best, a limited understanding of GDPR.

The study of 400 professionals across all sectors in the US showed that 52% had a limited understanding of GDPR - considering it either not a problem, something they were only exploring or were generally unsure about. 

The survey also showed a number general misconceptions, such as its application beyond companies based in the EU as opposed to doing business there, and whether it only applies to multinationals. 

There was even confusion as to when it comes into effect - a third of respondents putting its effective date at the end of the year. 

Oh, and two-thirds were unaware of the 4% turnover/€20m fine for non-compliance.

Given the above statistics it probably comes as no surprise that only one in four respondents claimed to be 'very aware' of GDPR, only 22% had a compliance plan and 21% had conducted a data audit. 

Like many, I'm convinced the import of GDPR won't be felt until the first round of fines are handed out. It's then we'll see how seriously US companies take doing business in the EU. 

For the small American business compliance forces one of three decisions - invest in compliance, hope no one notices your substandard practices, or decide the cost of doing business outweighs the benefits and pull out. 

There will be kicking and screaming in the short term but I think GDPR or something like it will become a gold standard in business and that compliance will more than pay for itself. 

Four weeks and counting.