PR and marketing boss Sarah MacDonald is not mincing her words about the impending new European regulations on data protection.

“GDPR has become the acronym of fear to businesses of all sizes,” said the director at Rise Communications in Maidstone.

She is referring to the new General Data Protection Regulation due to come into force from May 25 this year, which will enforce tighter controls on the way companies handle personal information.

Approved by the EU Parliament in April 2016, it aims to protect all EU citizens from privacy and data breaches.

It will enforce new citizens’ rights such as the right to be told within three days if a company holding personal information has been hacked, the right to be forgotten and greater abilities to find out what companies know about you.

The penalties for failing to comply will be steep. Firms in breach of the laws could be fined up to 4% of annual global turnover or €20 million (£17.7m), whichever is greater.

“The starting point for the changes is that personal data is valuable and greater protection needs to be in place,” said Catherine Daw, a partner at Maidstone law firm Brachers, which is hosting a number of workshops on the changes.

She believes the safest course of action is to assume the EU will not be afraid to dish out large fines.

She said: “Whilst clearly not all penalties will be as eye-watering as the headlines suggest, businesses need to also take into account wider risks such as reputation damage and customer confidence if there is a data breach.”

Despite the threat of large penalties, the message about GDPR does not appear to have got through.

A report from the Institute of Directors shows two out of five directors are still unsure on GDPR issues.

A poll by Brachers found 55% of Kent businesses have not devised a plan for meeting the new requirements.

"The draft legislation is difficult to navigate and at the moment there is not a great deal of practical government guidance, meaning that devising a workable system is proving to be the biggest headache..." - Catherine Daw, Brachers

Mrs Daw added: “The new GDPR provisions are proving to be a huge challenge for many business in Kent.

“The draft legislation is difficult to navigate and at the moment there is not a great deal of practical government guidance, meaning that devising a workable system is proving to be the biggest headache.

“In preparation for the changes business will need to review the data they currently retain, working out what they have, why they have it, the basis on which it was obtained, whether they still need to keep it and what they propose to use it for after May.”

Complying with GDPR will feel like a mammoth task to many but it is not unachieveable. It took two weeks for Brave Little Tank, a digital agency based in Chatham.

Creative director and co-founder Chris Mead said: “If you have not done anything I would suggest putting aside a good few hours. You need to review all data you hold on clients and customers.

“As a marketing agency, we hold a lot of data and we had to make sure all the policies are in place.

“The biggest issue is the right to be forgotten. As soon as anyone says they want their data to be removed it has to be removed from every single system you have.

“A lot of businesses find they have multiple systems which are not linked together and they must remember to remove data from every single one.”

A simple search for GDPR on the web brings up a host of information, which can feel daunting.

For Sarah MacDonald at Rise Communications, the solution is to get to many of the GDPR workshops and events happening across the county.

"The biggest issue is the right to be forgotten. As soon as anyone says they want their data to be removed it has to be removed from every single system you have..." - Chris Mead, Brave Little Tank

She said: “Some of the events we have attended were quite brief and we would love to see more affordable, in-depth workshops where you don’t feel rushed and have speakers who can really help demystify the new regulation.

“These extended workshops will leave the delegate feeling more confident to carry on running their business without fearing they are in breach of the new data privacy law and the heavy penalties non-compliance could bring.”

The introduction of tougher European rules on data protection has presented opportunities for some firms.

Simms International, based in Lenham, is a distributor of data storage technology like encrypted USB sticks.

The firm, which employs about 30 people, supplies many clients in the aerospace and defence industries and is expecting companies in the private sector to take a greater interest as the reality of GDPR becomes clear.

Chief sales officer Kevin Howse said: “We’re not rubbing our hands but we expect an uplift because USB is the predominant storage method.

“The public sector has had enough experiences recently of lost data and is some way towards adapting to GDPR.

“Many private enterprises have never considered it.

“UK enterprises have to look at the policies and put in place what they think is the best measure.”

Many companies may introduce a complete ban on moving information outside their business to avoid any risk of losing customer data but Mr Howse thinks that can create new risks.

He said: “They may just decide to have a total ban but the challenge with that is if an employees wants to get information from one place to another – and they can’t use a USB stick – are they going to find another way?

"We’re not rubbing our hands but we expect an uplift because USB is the predominant storage method..." - Kevin Howse, Simms International

“Is it better to have a policy in place that allows people to move information from A to B without having a back door?”

The anticipated uptick comes after a 21% dip in turnover to £31.3 million in 2016, due to a shortage of supply of NAND flash storage solutions and DRAM module technology, which Simms distributes.

There are only three manufacturers in the world of DRAM solutions and four of NAND.

Simms’ most recent accounts show pre-tax profit was down 4% to £648,000 but Mr Howse said the business is in good shape.

He said: “There is so much demand and not enough supply and that has put the prices up.

“That has had an impact on revenue but the whole business is performing well.

“The company is very stable and profit levels are very stable.”