Getting your FileMaker solution ready for the General Data Protection Regulation (GDPR)

Ben Fletcher • 11 December 2017

The General Data Protection Regulation (GDPR) comes into effect 25 May 2018: the intention is to strengthen and unify data protection for residents and citizens within the European Union. A primary goal of the act is to give people back control over their personal data and simplify the regulatory environment for international business with the European Union.

If you haven’t read up on the regulations then you should start with the Information Commissioner’s Office (ICO) website and look at their 12 steps to take now:

https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf

and then look at the full guide to the regulations:

https://ico.org.uk/media/for-organisations/guide-to-the-general-data-protection-regulation-gdpr-1-0.pdf

It is important to note that in 2016 the ICO issued £880,500 of fines against companies last year, but that this would have been likely to be £69 Million under the new GDPR regulations according to an analysis by the NCC Group ( see https://www.theregister.co.uk/2017/04/28/ico_fines_post_gdpr_analysis/). If you have been thinking that Brexit is likely to save you from having to implement GDPR compliant procedures then think again as it is likely that the UK regulatory framework will have to stay as close to the EU framework as possible in order to ensure that trade is not impacted (see http://www.blplaw.com/expert-legal-insights/articles/gdpr-and-brexit-uk-government-unveils-data-protection-plans/).

For many organisations using the FileMaker platform, there will be an element of their custom App or database which will have an individual’s contact information (Name, email, telephone numbers, job role and address) which falls under the definition of ‘personal data’ in GDPR. Consequently, if you are using FileMaker, you will have to examine the implications of GDPR and modify your system and business processes to ensure that they are compliant. The good news is that since FileMaker is optimised for custom development, it is usually quick to adjust to meet new regulatory requirements like GDPR (which is not always the case with off the shelf software).

Here are a couple of highlights of issues that you might need to address and what that would mean in the context of a FileMaker database or app:


Information Sharing

The GDPR requires that you keep records of your processing activities in a networked world: if you have inaccurate information and it is shared with another organisation, you will need to inform the other organisation about the inaccuracy so that their records can be updated.

Therefore, it is necessary to map out all of the inputs and exports that you feed and are generated by your database. For example, it is common with FileMaker to use open database connectivity (ODBC) drivers to synchronise data with 3rd party SQL systems (such as Oracle, MySQL or MS SQL) or to integrate with a web service using cURL and REST API – so an important first step would be to document all of these integration points and highlight any cases where personal information is being exchanged and confirm there is a mechanism in place to issue corrections.


Subject access requests

Individuals have the right to request to be informed of what data you have recorded about them and in a tightening of the legislation compared with the Data Protection Act, you have only 1 month to comply with a request rather than 40 days. If your organisation handles a large number of requests then you may need to look at improving the efficiency of processing these requests more quickly. If you have your data within FileMaker then you may find it useful to build new interfaces to log the tracking of these requests and script the generation of suitable exports (Excel/CSV) or PDF reports to provide an overview of the information being held.


Consent

GDPR sets a higher standard for consent than the Data Protection Act – see:

https://ico.org.uk/media/about-the-ico/consultations/2013551/draft-gdpr-consent-guidance-for-consultation-201703.pdf

Notably GDPR specifically bans pre-ticked opt-in boxes. If you use your FileMaker system for CRM and are historically used to defaulting a flag field for adding a new prospect to a mail/email mailing list then this would need to be turned off. Along a similar line if you are synchronising email lists with 3rd party online services like MailChimp then you need to be conscious of ensuring that if people opt out of communications that this is respected across all the systems you are using.


Cο»Ώhildren

GDPR brings in special protections for children’s personal data and sets 16 as the age of consent for data processing. If your organisation offers online services to children then you need to obtain consent from a parent or guardian and so you may need to put processing in place to verify an individual’s age. For example, if you used FileMaker Go on an iPad to present a consent form and obtain a digital signature, it would be prudent to include fields to capture and check age based on their date of birth.

Data Protection by Design and Data Protection Impact Assessments

GDPR makes privacy by design a legal requirement and data protection impact assessments (DPIAs) mandatory where new technology is deployed, a profiling operation is likely to affect individuals or where there is processing on a large scale.

FileMaker 16 includes a plethora of features which can be used to secure solutions, protect privacy and minimise the chance of data breaches so it is worth reviewing your security arrangements and determining if it is appropriate to make adjustments:

Limit Full Access accounts and turn off auto-login – by default, a new FileMaker file will have a single full access account with the login ‘Admin’ and no password. This password should be changed as soon as a solution goes into production use with real data. Auto-login can be turned off under File > File Options. FileMaker 16 server by default will not allow you to host and open a file which contains a full access login with no password set.

Use Custom privilege sets – it is prudent to always create custom security privilege sets, rather than relying on the default ‘Data Entry Only’ settings for standard users. As a minimum, you may want to turn off the ability of regular users to routinely print or export data. FileMaker offers full granularity to specify in its security model, which fields and layouts can be accessed by a user and whether new records can be created, modified or deleted in a table. You can also choose a minimum password length and enforce having to change it every X days.

Check Extended privileges – The X in the ‘fmreauthenticateX’ extended privilege controls how many minutes that FileMaker can be left in sleep/background before it requires a user to re-authenticate. By default this is set to 10mins, so if you handle sensitive personal data then it may be prudent to reduce his timing to force re-authentication after a shorter period.

Make use of Active Directory/OAuth for managing security. Delegating authentication to Active Directory or OAuth provides two obvious benefits: the password can be used across multiple files and centrally managed with strict rules on password length and complexity. As AD is normally managed centrally, there should be a standardised process for leavers to be removed and so it is less likely that accounts will be left active for longer than they should be available.

Limit File Access. By default, one FileMaker file can be linked and referenced within another regardless of the privilege set access level that the user has to the file. This can be restricted to only allow users with full access privileges for explicitly authorised files (see File > Manage > Security > File Access tab).

SSL Encryption in flight. FileMaker Server 16 is now much more explicit when there isn’t a properly configured and valid SSL certificate from a supported provider in place. This is essential if you are accessing via a WAN connection.

AES 256 Encryption at rest. It is possible to encrypt FileMaker database files using FileMaker Advanced 16 – this ensures that even if your network and server are compromised, it will be practically impossible to access the data without also having a copy of the encryption key to decrypt the file. We now recommend doing this as standard for any system which includes personal data.

Use secure storage to encrypt container fields. Documents that you have uploaded to container fields can be stored in an encrypted format in an external folder alongside your database files. This is especially prudent if these documents contain personal or sensitive information (i.e. scans of passports for proof of identity, etc).

Encrypt data within fields. In the past, 3rd party plugins were required to encrypt and decrypt field level data within FileMaker. Now with FileMaker 16 there are native functions such as CryptEncrypt/CryptDecrypt. For highly sensitive personal data such as medical information or credit card data there is a good argument for doing this as standard.

For more information on the security features of the FileMaker platform - see FileMaker's official guide: https://fmhelp.filemaker.com/docs/16/en/security

If you are interested in finding out more about how the FileMaker platform can be used to secure data privacy or need assistance with modifying your system to meet GDPR then contact our consulting team for assistance.


by Ben Fletcher 10 June 2026
Upgrade to Claris FileMaker 2026 with confidence. Learn key migration considerations, AI features, compatibility issues and best practices.
by Ben Fletcher 10 June 2026
FileMaker Server 26 Enhancements Multiple SASE Processes - FileMaker Server 26 allows you to configure the number of active process in the Server Side Script Engine (SASE), the upper limit being determined by the hardware in use. This allows for more server side processes to occur in parallel - for automated imports, sync and nightly data transformations which need high throughput. Auto-Restart - FileMaker Server's Web Publishing Engine (WPE), OData and Data API services now monitor and detect abnormal termination events and restart automatically on a crash. Export Field Contents on Server - No additional 3rd party plugins or work arounds to automate server side document generation and export to server side folders. FileMaker Go 26 for iOS Enhancements Additional support for iOS hardware and locale support. Core Platform Security Enhancements Additional corporate security enhanced with support for OpenSSL 3.5 LTS, Apache Tomcat 10.1.44+, Windows Server 2025 certification, and full macOS 2026 compatibility. Need help to upgrade to FileMaker 26? At DataTherapy, we specialise in supporting and upgrading legacy FileMaker apps as well as building new custom apps to leverage the latest features of the Claris FileMaker 26 platform. Whether you need training, support, cloud hosting or are ready to go all-in on developing a new app from scratch—we can help. βœ… Certified Claris FileMaker Developers βœ… UK-based team of full-time professionals βœ… Platinum Claris Partner βœ… Experts in secure, on-premise and private cloud deployment of FileMaker πŸ“ž Contact us today for a free consultation and discover how local FileMaker can help your team move faster, work smarter, and stay fully in control of your data.
by Ben Fletcher 10 June 2026
As well as the customer facing UI enhancements, FileMaker 26 has a number of 'under the hood' tool enhancements for long standing developers: Enhanced Inspector - layout controls dynamically adjust based on the object type, reading the cognitive load of navigating the Layout Mode tools for new and veteran developers alike. Control Field Entry by Calculation - field level editablity is now controlled by a boolean calculation that evaluates at runtime based on any developer defined logic. This makes building role based editing or workflow based record locking much easier to implement. Sort Custom Functions with Folders - this now is applied at an independent folder level, making it much easier to work with distributing a shared function library that needs to display in a specific order. Set Layout Zoom by Calculation - the UI zoom can now be scripted to any decimal percentage, making it easier to make layouts which adapt to a specific user or device screen size requirements. Draco Catalog - FileMaker 2026 now includes a persistent catalog which is independent from the application data which can be used for storing JavaScript modules and persistent solution-level settings (app versions, feature flags and environment identifiers). PDF Script Workspace - dedicated script steps have been added for PDF manipulation which makes the generation of multi-page reports assembled from different layouts both using FileMaker Pro client and via FileMaker Server. Need help to upgrade to FileMaker 26? At DataTherapy, we specialise in supporting and upgrading legacy FileMaker apps as well as building new custom apps to leverage the latest features of the Claris FileMaker 26 platform. Whether you need training, support, cloud hosting or are ready to go all-in on developing a new app from scratch—we can help. βœ… Certified Claris FileMaker Developers βœ… UK-based team of full-time professionals βœ… Platinum Claris Partner βœ… Experts in secure, on-premise and private cloud deployment of FileMaker πŸ“ž Contact us today for a free consultation and discover how local FileMaker can help your team move faster, work smarter, and stay fully in control of your data.
by Ben Fletcher 10 June 2026
FileMaker 2025 already added significant enhancements to leverage AI and FileMaker 26 continues to double down on this: Field Annotation A new AI tab is available within the Field Options to define a JSON calculation as the field's annotation which is used in Export dialogs, sort dialogs and most essential in Data Definition Language (DDL) for use in AI. Save as XML & Solution Upgrade Tool FileMaker Pro 26 can now save a copy of your solution as a .xml formatted text file and the enhanced Solution Upgrade Tool can now read XML input and create brand new .fmp12 files or patch existing ones. This is a huge boon for Claris FileMaker developers - it means that Claris FileMaker developers can now use AI tools to generate XML which can then be used to create real production ready FileMaker solutions. Additionally, traditional version controlling scheme and using diff tools to compare XML outputs between production and development releases can be compared. Google Gemini Support Gemini is now supported as a native option in FileMaker script steps making it substantially easier to integrate with Google Cloud and Gemini if that is your preferred AI backend provider. PDF Text Extraction The native ExtractTextfromPDF() function introduced in FileMaker 2025, can now be used to process OCR (scanned) PDFs and not just text-layer PDFs. This again reduces the reliance and cost of using additional 3rd party plugins, APIs or AI tools for text extraction. Need help to upgrade to FileMaker 26? At DataTherapy, we specialise in supporting and upgrading legacy FileMaker apps as well as building new custom apps to leverage the latest AI features of the Claris FileMaker 26 platform. Whether you need training, support, cloud hosting or are ready to go all-in on developing a new app from scratch—we can help. βœ… Certified Claris FileMaker Developers βœ… UK-based team of full-time professionals βœ… Platinum Claris Partner βœ… Experts in secure, on-premise and private cloud deployment of FileMaker πŸ“ž Contact us today for a free consultation and discover how local FileMaker can help your team move faster, work smarter, and stay fully in control of your data.
by Ben Fletcher 10 June 2026
The new Claris FileMaker 2026 release includes enhancements to user experience and accessibility: WebDirect Accessibility & Platform updates WebDirect now includes better screen reader support for the visually impaired or motor disabilities: semantic HTML is now correctly labelled and there is improved focus management for modal dialogs, portals and pop-ups. This is a critical requirement for any public-facing WebDirect solutions where accessibility is a legal obligation. WebDirect in FileMaker 2026 now runs on JDK 21 - removing a barrier to corporate environments that have strict or have deprecated older versions of JDK in their infrastructure. Japanese Calendar Support Native Japanese era-based (gengō) calendar system support has been added in FileMaker 2026— drop-down date pickers now display and accept dates in the Japanese calendar across all. This is critical to Japanese solutions where there s a legal mandate for governmental and official documents to use era-based dating. Need help to upgrade to FileMaker 2026? At DataTherapy, we specialise in supporting and upgrading legacy FileMaker apps as well as building new custom apps to leverage the latest features of the Claris FileMaker 26 platform. Whether you need training, support, cloud hosting or are ready to go all-in on developing a new app from scratch—we can help. βœ… Certified Claris FileMaker Developers βœ… UK-based team of full-time professionals βœ… Platinum Claris Partner βœ… Experts in secure, on-premise and private cloud deployment of FileMaker πŸ“ž Contact us today for a free consultation and discover how local FileMaker can help your team move faster, work smarter, and stay fully in control of your data.
by Ben Fletcher 10 June 2026
The new Claris FileMaker 2026 release includes two highly significant enhancements to business continuity and disaster recovery: FileMaker Standby Server FileMaker Server 2026 can be paired with a second 'hot spare' server which is always ready to become the primary, with failover only taking a few minutes to implement. This means that a hardware failure of the primary server server can be quickly recovered from by promoting the secondary server. Previously, synchronising data between a primary and fail over server would have required additional software adding complexity and cost to a FileMaker Server deployment. FileMaker Server 2026 now includes this service as standard, making it much more economic to implement. The fail over server does not have to be running on the same OS platform or network and so you can run a hybrid on-premises + cloud or split across different cloud data centres or providers for added robustness. FileMaker Server Remote Backup Claris now offer a cloud storage backup service integrated directly with FileMaker Server which can be bolted onto existing FileMaker Server installations (on-premises or running on private cloud). While many private managed hosting providers such as DataTherapy have implemented cloud backups as part of their standard service, FileMaker customers with on-premises infrastructure would often struggle to implement robust backup solutions without dedicated virtualisation teams and additional 3rd party backup software. Again, this provides an economic option for FileMaker customers to consider as part of their disaster recovery strategy. Need help to upgrade to FileMaker 2026? At DataTherapy, we specialise in supporting and upgrading legacy FileMaker apps as well as building new custom apps to leverage the latest features of the Claris FileMaker 2026 platform. Whether you need training, support, cloud hosting or are ready to go all-in on developing a new app from scratch—we can help. βœ… Certified Claris FileMaker Developers βœ… UK-based team of full-time professionals βœ… Platinum Claris Partner βœ… Experts in secure, on-premise and private cloud deployment of FileMaker πŸ“ž Contact us today for a free consultation and discover how local FileMaker can help your team move faster, work smarter, and stay fully in control of your data.
by Ben Fletcher 10 June 2026
Upgrade to Claris FileMaker 2026 now! DataTherapy are pleased to announce that Claris FileMaker 2026 managed private cloud hosting packages are immediately available on both Windows and Linux platforms via FileMaker Host . DataTherapy can provide scalable, managed FileMaker packages for businesses of all size. Full details of all of our packages can be found here . Why choose DataTherapy for Claris FileMaker Hosting? Hassle-Free Hosting We handle everything – from setup to ongoing maintenance, so you can focus on your business, not server management. Personalised UK-Based Support Speak to real FileMaker experts, not call centres. All our servers are fully managed by our in-house team. Secure, High Performance Infrastructure Our hosting is fine-tuned for optimal database performance and is hosted on Amazon Web Services (AWS). Our servers are scalable, provide enterprise-grade security, and we handle backups to keep your data safe. No Long-Term Contracts Flexible quarterly billing options with a free 2-week trial for maximum flexibility without long-term commitments. Fully Customised Hosting Tailored for your Business We understand FileMaker inside out. Whether you’re running a small business system or a large enterprise solution we can provide the perfect plan based on your user and performance needs. If you need additional information, or would like to arrange a free trial of any of our packages then please don’t hesitate to contact our team .
by Ben Fletcher 10 June 2026
What is new in FileMaker 26? The Claris FileMaker 26 (version 26 - they have officially skipped versions 23-25 so that the version number aligns with the year of release ) Platform for is now available as of 10th June 2026 and demonstrates Claris’ on-going commitment to embrace transformative technologies. Whether you’re a long-time FileMaker user or just exploring how to modernise your internal systems, this latest release includes expanded AI capabilities including Google Gemini support, major server reliability improvements, and significant accessibility advances. Here’s what you need to know: AI capabilities Google Gemini support: Adds Gemini to FileMaker's growing list of supported AI providers, giving developers greater flexibility when building intelligent applications. Field and table annotations: Attach semantic meaning to fields and tables so AI models have richer context — improving the accuracy of natural language queries and LLM-generated insights. Metadata calculation functions: New functions including BaseTableComment and FieldAnnotation provide programmatic access to schema documentation, making AI-powered solutions easier to build and maintain entirely within FileMaker. Server reliability and infrastructure Automatic crash recovery: The Web Publishing Engine, OData service, and Data API now restart themselves after interruptions — reducing downtime without manual intervention. Multiple SASE processes: Support for multiple Server-Side Script Engine processes improves throughput and responsiveness under heavy workloads. Updated platform compatibility: Full support for macOS 26, Windows Server 2025, OpenSSL 3.5 LTS, and Apache Tomcat 10.1.44+ ensures deployments stay secure and supported in modern IT environments. Accessibility WebDirect improvements: Updated semantic HTML, improved screen reader compatibility, better focus management, and ARIA compliance — a significant step toward WCAG 2.1 compliance. No redesign required: Existing layouts benefit from accessibility improvements automatically, lowering the barrier for partners serving clients with compliance requirements. What benefits doe this bring to new and existing FileMaker customers? Build and deliver faster — A smarter development environment with context-aware tooling and scripting improvements means less time on layout friction and more time building solutions our clients love. Lead with AI — Google Gemini support, field annotations, and native metadata functions give us the tools to build genuinely intelligent apps — without third-party platforms or custom integrations. Reduce client downtime — Automatic service recovery means enterprise deployments keep running even when issues arise. Serve every user — Built-in accessibility improvements help clients meet WCAG 2.1 and Section 508 requirements, opening doors to new government, healthcare, and enterprise customers. Grow with a future-ready platform — Compatibility with the latest operating systems, security standards, and AI providers means the solutions we build today are designed to last. Ready to upgrade your business to FileMaker 26? The new benefits of FileMaker 26 mean you can layer power AI into existing solutions without any major redevelopment work. Support for natural language input allow smarter and more intuitive applications to improve your business decision making. At DataTherapy , we specialise in building custom apps for business using the Claris FileMaker platform. Whether you need training, support, cloud hosting or are ready to go all-in on developing a new app from scratch—we can help. βœ… Certified Claris FileMaker Developers βœ… UK-based team of full-time professionals βœ… Platinum Claris Partner βœ… Experts in secure, on-premise and private cloud deployment of FileMaker πŸ“ž Contact us today for a free consultation and discover how local FileMaker can help your team move faster, work smarter, and stay fully in control of your data.
FileMaker Pro Logo
by Ben Fletcher 1 May 2026
Rosemary Tietge (Claris Community Engagement Manager) was kind enough to invite me to be a panelist on Community Live 45: Level up your FileMaker email game . This was off the back of our past blog post covering this topic . We were also joined by the highly knowledgeable David Sullivan of Mandelbrot LLC .
Claris FileMaker Logo
by Ben Fletcher 25 March 2026
We look at the latest FileMaker 2025 (20.0.6) security fixes.
More posts