General Data Protection Regulation (GDPR)

About GDPR

Approved and adopted by the EU Parliament in April 2016, the General Data Protection Regulation (GDPR) represents important data protection regulation changes.

GDPR comes into effect on 25 May 2018, and businesses processing and holding the personal data of citizens residing in the EU must comply. The Government have confirmed Brexit will not affect the commencement of the GDPR in the UK, so you need to ensure you follow the new legislation.

How are Thesaurus Technology preparing?

Estate and letting agents will often record personal and sensitive data, so agents must ensure steps are taken to safeguard this information.

By using Universal you are already complying with aspects of the new legislation, however we will be making a number of updates to assist with compliance. Please see below:


Client consent

If the client consents to receive marketing data, the time/date will be recorded on their record. Likewise, if they ‘Opt Out’ and no longer wish to receive information, the time/date will also be recorded. This provides a clear record of when permission was granted or removed, including how this was communicated.

We will be adding a facility onto email templates that will allow for clients to ‘edit’ their marketing preferences and fully unsubscribe from any communications.

Opt Out
B2B marketing partners

We will be introducing a new section within Universal to record if your clients have ‘Opted In’ to your selected marketing partners. You will be able to record all of the marketing partners you are associated with.

Portal leads

Client data that syncs into our platform via property portals will automatically be marked as ‘Marketing Off’ until such a point when consent has been obtained from the client. This can be done via an ‘Opt In’ email generated via the software.

Anonymisation of records

Clients will be able to request that their record is stored in the system anonymously. There will be a new feature within the software to do this, but it will leave any financial transations in place for your records.

Export personal data

Clients will have the right to request and transfer their own data into a different IT location. Within Universal we will be creating a facility to export the individual client data into a CSV file (opens in Excel). This is an openly accessible file format.

Staff access control

You will need to ensure staff are up to speed on the new legislation with regards to contacting clients. Using the ‘access controls’ in Universal you can limit which members of staff have the ability to send emails, SMS or generate documents.

Staff members can also be limited on what data or areas of the system they have access to.

Secure storage of data

Universal Anywhere

Our cloud based platform already has extensive security in place. Your data is stored in a secure data center and backed up to secure locations. Our servers are running the latest version of Microsoft Windows server and we have sophisticated security procedures in place. Universal has a two-level password protection, with users required to logon to the server and the software.

Universal Office

Our desktop based system has password protection in place. The system however is running locally in your office (presumably on a server). You need to ensure the location where the Universal data is stored, has adequate security in place. If you need any advice on what files or folders need to be protected, please contact the help desk.

We wish to assure our EU clients that Universal is on the way to GDPR compliance. After conducting a readiness assessment, we have begun building on existing data protection policies and measures. We will complete any operational or technical changes we need to, well before the May 2018 deadline.

If you have any questions about GDPR and Universal please contact the help desk.

Additional information from the ICO can be found here: