"Majority aren't GDPR compliant"
What the hell is?
I spent two years researching a critical aspect of GDPR compliance and found that effectively nobody gives a tinker's cuss about it - including governments and data protection consultants. All anyone does at best is to plod through the Regulation Article by Article doing a minimum perfunctory bit of stuff for each in isolation. The purpose of the regulation seems to have escaped notice by everyone, despite being mentioned more than 50 times in the document.