More than half of firms in Kent do not have a plan in place for new data protection laws due to come into force in May.

Many businesses in the county face a race against time to prepare for the General Data Protection Regulation (GDPR), which was approved by the EU Parliament in April last year.

The legislation – designed to protect all EU citizens from privacy and data breaches – will enforce tighter controls on the way companies handle personal information.

Firms in breach of the laws could be fined up to 4% of annual global turnover or €20 million (£17.7m), whichever is greater.

However, a poll by Maidstone law firm Brachers found 55% of Kent businesses have not devised a plan for meeting the new requirements.

It surveyed more than 80 businesses in the county at a seminar it held on the new rules last week.

Partner Catherine Daw said: “With little over six months to go until the GDPR comes into effect, time is really starting to run down now.

“The worry is that if companies let it drift, they will come back after Christmas and suddenly find that they have limited time to become compliant...” - Catherine Daw, Brachers

“The worry is that if companies let it drift, they will come back after Christmas and suddenly find that they have limited time to become compliant.”

Fellow partner Erol Huseyin added: “From a commercial perspective, all organisations will need to review and update their data protection policies, data protection provisions in their contracts and in particular, put in place robust contractual arrangements with their data processors.

“For most organisations, getting compliant should not be hugely difficult – as long as they allow enough time and take a methodical and rigorous approach.”