This document discusses the challenges organizations face in complying with the General Data Protection Regulation (GDPR) by its deadline of May 25, 2018. It notes that GDPR is a regulation that must be applied entirely across the EU and includes severe fines for noncompliance. The document presents survey results showing that most Italian organizations have a roadmap to meet the deadline but still struggle with requirements like data transfers outside the EU, data protection officers, and consent management. It concludes that GDPR challenges are more related to changing processes than technology and that organizations must align security budgets to the risks they most fear.