In our 11+ years of doing Foxy, there are occasionally new compliance concerns or security updates that cause industry-wide discussion and concern. In the past few years, however, the pace of sweeping and important industry-wide changes seem to have accelerated. In addition to a number of SSL protocol improvements and well-publicized security vulnerabilities, we’ve also seen the EU Court of Justice declare Safe Harbor invalid, the introduction of Privacy Shield to replace Safe Harbor, and now the EU’s General Data Protection Regulation (GDPR), which comes into effect on May 25, 2018.
We’ve been working on our GDPR compliance for the past few months, and are finalizing things with our lawyers currently. We do not anticipate any problems in our own GDPR compliance. As a Level 1 PCI Service Provider, we were already in a good position to meet the strict requirements of the GDPR, though there certainly have been a few changes we needed to deal with.
We have also updated our Terms of Service with a Data Processing Addendum, which meets additional GDPR requirements some of our users have asked about.