How SecurTrac and SecurSearch Help to Enable GDPR Compliance

A. Introduction

The intended audience for this article is GDPR Data Protection Officers, GDPR Data Protection Administrators, IBM Domino Administrators who manage the Domino environment, and IBM Domino developers who develop and manage Domino applications. It is assumed that readers are already familiar with GDPR requirements and how they apply to their company.

GDPR stands for the General Data Protection Regulation. If you are a company based in the EU or your company does business within the EU, you are probably familiar with the strictest data privacy law worldwide that is set to take effect on May 25th, 2018. The GDPR specifies the roles, processes and technologies organizations must have in place to ensure not only that personal data of EU residents is secure, but also that it is accessible and used only appropriately and with the EU resident’s consent. GDPR sets out a number of obligations that your company may need to address.

The purpose of this article is to provide guidance to IBM Notes and Domino customers who are impacted by the new GDPR compliance regulations, and to inform them how they can use Extracomm SecurTrac and SecurSearch, important tools that streamline the process of collecting information that can help meet your company’s GDPR obligations and prove compliance to regulators.

B. SecurTrac & SecurSearch Enable GDPR Compliance

SecurTrac Usage Scenario for GDPR Compliance:

Detect data breaches in Domino with use of SecurTrac. Since SecurTrac tracks the life cycle of all objects in Domino Mail and Application databases by generating detailed audit trail records, detecting data breaches can be done with ease.

Using SecurTrac, easily detect data breaches relating to sensitive information about EU Residents. Log activity such as:
• Unauthorized successful access to mail and application database content.
• Repeated unsuccessful attempts to open mail and application databases.
• Detect unauthorized use of Notes user IDs to gain access to databases by tracking source IP address information.
• Detect bulk document open, update and delete actions in e-mail and application databases.
• Receive real time alert notifications when SecurTrac detects a possible data breach.
• Log the use of Full Access Administration which could potentially be used to access information without proper authorization.
• Log Access Control List (ACL) changes which could reveal occurrences of unauthorized access being granted to mail and application databases.
• With the use of Mail Policy monitors, prevent instances where different types of sensitive information about EU Residents, such as Credit Card, Health Card, IBAN and other personal ID information could be e-mailed to external sources, potentially causing opportunities for fraudulent use.

SecurSearch Usage Scenario for GDPR Compliance:

In corporations with an abundance of unstructured data within Domino mail and application databases spread across various servers, GDPR Data Protection Officers (DPOs) are going to need a way to locate and search for information as it pertains to GDPR-related requests. SecurSearch is a robust, yet easy-to-use product that is designed for businesses to perform e-discovery within IBM Domino environments.

Using SecurSearch, DPOs can run queries against mail databases and/or SecurTrac logs, with a choice between user pre-defined queries or with the use of the search formula wizard. Using the results provided by SecurSearch, a company DPO can respond to GDPR inquiries put forth by data subjects, including requests for:

Right to be Forgotten
• The right to be forgotten entitles the data subject to have companies erase his/her personal data.

Right to Access
• The right for data subjects to obtain from the company confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, the controller shall provide a copy of the personal data, free of charge, in an electronic format.

Data Portability and Transfer
• The right for a data subject to receive the personal data concerning them, which they have previously provided and have the right to transmit that data to another company.

Using SecurSearch for the purposes of GDPR compliance:

Intuitive SecurSearch Interface:

Using SecurTrac and SecurSearch for the purpose of GDPR Compliance:

Example: A data subject named Billy Black has in the past been a customer of ACME Corporation. Having no future plans to do further business with ACME Corporation, Billy has contacted them to exercise his “Right to be Forgotten” based on GDPR. The ACME Corporation DPO uses SecurSearch to query across Mail Databases and SecurTrac logs for the existence of data in the Domino environment that relates to Billy Black. The search results reveal that though no information was found in Mail databases, a document does exist in the ACME Corporation Customer Profile Domino application database that contains various personal information including address, date of birth and credit card details. Based on the search results the DPO can act accordingly to adhere to the data subject’s “Right to be Forgotten”, which in the end will result in GDPR compliance.

SecurTrac Database Application Log used for GDPR Compliance:

C. Summary

With the implementation of GDPR, we have learned that companies based in the EU or global companies that do business within the EU are going to need critical tools to help ensure GDPR compliance. For companies using IBM Notes and Domino, SecurTrac and SecurSearch together can provide important audit trails and the ability to perform search queries across many different data sources to help ensure that GDPR compliance will be possible. For more information about SecurTrac and SecurSearch, please visit:

