
Set and Monitor Your Data Privacy Compliance


Richart Ruddie is the Founder of Captain Compliance, a data security company helping businesses operate in compliance with regulations related to data privacy and security. He is a Strategic Advisor at BRANDefenders, a digital marketing company that offers numerous branding services. Richart has founded multiple online marketing, SEO, and reputation management businesses, including Alpha Paw, Class Updates, and The Reputation Management Company. He has also been featured in Entrepreneur Magazine, Forbes, The Wall Street Journal, and more.

Here’s a glimpse of what you’ll learn:

  • [02:17] Richart Ruddie shares how he got into the compliance and data privacy world
  • [04:16] Data privacy and compliance for ecommerce brands
  • [07:14] Captain Compliance’s service offerings
  • [10:23] The challenges brands face with data privacy and compliance
  • [13:04] Richart talks about website cookies and consent
  • [20:24] What’s next for Captain Compliance?

In this episode…

Ensuring compliance with the General Data Protection Regulation is essential for the success of any business, as violations of privacy laws can lead to hefty fines. However, navigating the intricate web of regulations can be daunting for organizations of all sizes.

According to compliance expert Richart Ruddie, the constantly evolving regulations have made taking control of online privacy and ensuring compliance a significant challenge for many brands. Compliance requirements range from data retention policies to cookie compliance, and companies are struggling to find the right solutions to obtain user consent. Richart shares his journey of building a compliance and data security company to provide clients with the knowledge and tools they need to navigate compliance requirements.

In this episode of the Quiet Light Podcast, Pat Yates sits down with Richart Ruddie, Founder of Captain Compliance, to discuss data privacy and compliance. Richart shares how he got into the field, data privacy and compliance for ecommerce brands, the services Captain Compliance offers, and website cookies compliance and consent.


Sponsor for this episode

This episode is brought to you by Quiet Light, a brokerage firm that wants to help you successfully sell your online business.

There is no wrong reason for selling your business. However, there is a right time and a right way. The team of leading entrepreneurs at Quiet Light wants to help you discover the right time and strategy for selling your business. They provide trustworthy advice, effective strategies, and honest valuations. So, your Quiet Light advisors aren’t your everyday brokers — they’re your partner and friend through every phase of the exit planning process.

If you’re new to the prospect of buying and selling, Quiet Light is here to support you. Their plethora of top-notch resources will provide everything you need to know about when and how to buy or sell an online business. Quiet Light offers high-quality videos, articles, podcasts, and guides to help you make the best decision for your online business.

Not sure what your business is really worth? No worries. Quiet Light offers a free valuation and marketplace-ready assessment on its website. That’s right — this quick, easy, and free valuation has no strings attached. Knowing the true value of your business has never been easier!

What are you waiting for? Quiet Light offers the best experience, strategies, and advice to make your exit successful. To learn more, go to quietlight.com, email [email protected], or call 800.746.5034 today.

Episode Transcript

Intro  0:07

Hey folks, it’s the Quiet Light Podcast where we share relentlessly honest insights, actionable tips, and entrepreneurial stories that will help founders identify and reach their goals.

Pat Yates  0:32

Hello, and welcome to the Quiet Light Podcast. I’m Pat Yates. It’s great to have everyone. And today, this is going to be a fun conversation, maybe not a sexy topic, but one that I think is really actionable and important for entrepreneurs. We’re going to talk with Richart Ruddie. He’s not only a Quiet Light seller who sold a business through Quiet Light, he’s building a business called Captain Compliance. And Captain Compliance is going to help you comply with all your data needs. There’s a lot of different letters and things they do. It’s above my paygrade a little bit to understand a lot of this, I’m not as technical a guy, but it’s a great conversation. So if you’re looking for data privacy, cookies, all that stuff that you need on your website, this is a guy you’re going to need to reach out to. I think it’s sort of an underappreciated area to understand because the more that you go, and the more that people are tightening up data privacy, the more that you really need to be prepared. And not only can they scan and look at everything you need, they can help monitor it going forward. So if you find that you’re in compliance now, you may not be in six months. And some of these become really important, because there could be big fines around it. So I think Richart is going to have a great opportunity to tell us about this. I know he goes by Rich, which is what we’re going to do. I think this is a great opportunity for people to learn about this and apply it to your business and whatever vertical that you’re in. So I’m excited to talk to Rich today. Let’s get right to it. Rich, it’s great to have you on the Quiet Light Podcast today. How are you doing?

Richart Ruddie  1:54

Doing great. Thank you for having me.

Pat Yates  1:55

It’s very exciting. You came highly recommended from Chris Wozniak. But I had you on here anyway, because I don’t know that I should ever trust his judgment. Actually, Chris is a great guy. It’s great to have you in here today. So Rich, I know your business Captain Compliance, we’re going to talk a little bit about today. But I’d love to hear your background. I know you sold your Quiet Light. You’re a unique guy to bring on the show. So I want to hear all about that part first.

Richart Ruddie  2:17

Yeah, absolutely. So I had a digital marketing agency that Quiet Light was very helpful in helping me to sell and have a nice exit last year. And while I was in that business, one of the services and things that we had helped with was data privacy, removal information. So if you were to Google, Pat Yates, Louisville, Kentucky, and you go online, you said, Well, what do you do, the internet has all my personal information, it has my home address, my wife’s address, where she grew up, it’s got her email, my email, our phone numbers, all this information. And that was really my only tie to data privacy outside of seeing 100 emails when GDPR came out. And we got all these notification emails. So when I had my exit last year, I started looking into the data privacy industry, and found that this is a huge and booming industry ripe with opportunity. And every website I go to, I’m seeing consent banners popping up where you have to get consent. I’m seeing headline fines about companies like Meta being fined $1.4 billion in Ireland for violating GDPR rules and regulations there. And I joined the International Association of Privacy Professionals, and so are really networking and talking with people in the industry to find out where the gaps were, what opportunities might be available. And that’s where the kind of the Captain Compliance brand and life started to come to life and said, okay, this is my next venture, I wanted to hit the ground running and started up in the compliance and data privacy world. So that’s my new industry.

Pat Yates  3:57

That’s incredible. So I think a lot of people much like me, there’s certain things out there that people understand and privacy, we all sort of check off on privacy every day, whether we think we do or not. Tell maybe the listeners a little bit about the side that you focus on. Just, is there a broad view of exactly what ecommerce type of data privacy and things like that people want you to know about?

Richart Ruddie  4:16

Yeah, absolutely. So even in beta testing, now, as we’re getting ready to launch our product to the public, we’ve had a lot of referrals and people come over that are in the CPG space. And they’re realizing that they need to get compliant because they’re not checking all the boxes. And there’s a lot of regulations just in the US alone. There are 14 privacy laws in different states with five new laws that are taking effect this year, and two more that are already set to go into effect next year as of January 1 2025 in Iowa and Delaware. And that doesn’t even include HIPAA and other sorts of compliance for medical data and what happens is, there’s such a need to be compliant, because if you’re not, you’re gonna get fined. One of the biggest known cases is in California, they have something called the California Consumer Privacy Act. And a company called Sephora, a big makeup company, has violated how they were handling and mishandling user data and using it for marketing purposes. And they ended up getting a seven-figure fine for violating that. And there’s only going to be more and more fines coming down the pipeline. So to spend a little bit of money to become compliant for an ecommerce Store, and to guarantee that you’re compliant and it checks all the boxes for due diligence when you’re going through potential acquisition is just great to have that peace of mind for a low investment versus what I find can be or losing a deal because you weren’t compliant. And then you get dinged a lot of money because of the risks associated with that.

Pat Yates  5:58

That makes a lot of sense. One question, the GDPR wasn’t as familiar because that European Union thing is that crossover to people that are sellers that might be selling in that area, what would classify that need to do that, is it just selling, they’re being physically there?

Richart Ruddie  6:13

No. Selling there, targeting marketing to people in the EU, any sort of relation there. In fact, some websites will even turn off access. If you go to Europe, and you try to go to a website, and you’re in the EU territory, you won’t even be able to access the website, because some companies have had such a hard time trying to figure out the best way to be compliant. And if they weren’t, they said it’s easier just to turn off all traffic there. So that’s actually one of the things that a lot of companies have had to turn to. And we hope to provide alternatives and opportunities with our software where they can become compliant. And they can start to operate in the EU and GDPR territories without having to worry about getting fined or getting hit with any sort of headline fines for not complying.

Pat Yates  6:58

That makes a lot of sense. So if people that are sellers, right now, let’s say that they’re out there solely on Amazon Shopify, like that, and this may be putting way too low level, are those packages where you’re selling already handling those for them? Or do you have to do that outside of them?

Richart Ruddie  7:14

Yeah, so we’re actually working on building a specific Shopify plugin right now. So users that are on the Shopify platform, will be able to just go into the Shopify store, and to download our plugin and our tool. And then they can put in all the different areas that they’re targeting. So if they’re targeting in the EU, or they’re targeting in California, we can help them make sure that they’re compliant with our consent banners and our platform, and then help them resolve all that. And then what else we’ve started to do in our early stages is even provide compliance consultancy. So we’ve talked with a lot of companies that are trying to figure out how do I become compliant? What am I doing right? What am I doing wrong? Where are my gaps, and we do something called a privacy impact assessment. And we assess all of their use cases, all other different software that we’re using. And then we’re able to give them really great feedback and help them kind of map out the best way to be compliant ways to handle any sort of fringe cases. And then let them know of all the risks and then help them find ways either through our software, or through our advising ways to become compliant and to avoid any sort of these risks. And that’s why I like to say Captain Compliance is like their compliance superhero team. We’re there to help in any way they need. And what I found was, when I was starting out to build the company, I’d posted job ads all over, looking for Chief Privacy Officers, data protection officers, looking for CTOs really just trying to find all what I call Level One players, which is the crème de la crème of hiring employees, ones that think like owners, they come up with innovative ideas. And what I found was that there was a lot of people that didn’t necessarily have data privacy experience, but they had really great compliance experience. 
And I ended up connecting with people from all over the world, people in Australia, people in Asia, people in Europe, people in South America, Canada, and here in the US. And I ended up being able to build indirectly and wasn’t even planning on it, but a network of compliance experts all over the world that can help in all sorts of different facets of privacy laws and compliance laws. So now when a client comes in, and they have an issue, we’re also able to help with any of their compliance gaps, no matter where they are. So we have experts all over and that just kind of happened completely by accident just through interviewing, talking and networking with a lot of different people all over the world where our main focus was initially just on building the Privacy software, but now we also are able to help with both the privacy software as well as answer and help with any sort of compliance gaps that clientele may have.

Pat Yates  10:01

That is kind of interesting because do you think and I would tend to think that people probably assume they know a little bit about data, but they’re probably just know enough to be dangerous in. Do you find that most people to come to you know enough about it? Or do they think oh, I know one part of it. But hey, there’s three others you need to know about? It seems like you’re a one stop shop for people do they come in, and do people come in with much knowledge at all?

Richart Ruddie  10:23

It is definitely a blend. I will say we were talking with a company actually in your neck of the woods in Kentucky. And their CIO knew enough to be dangerous to know what to avoid, but also said that legal actually owns the compliance work. And everything goes through them after he writes it up. And then there’s a back-and-forth process, where another client had very deep industry experience, and was looking for a team of experts to come in and help guide on how to handle data transfers abroad to the US, how to handle potential sanction countries in which they may be doing business with either hiring for employees there, or getting data from there. So there’s so many different use cases in privacy that no one person can know everything. And I think knowing that you don’t know everything, but knowing that there’s different literature out there. And there’s other people that have specialty experts in different facets of privacy, and just going at it with a pragmatic approach to resolving any sort of privacy questions has been really important in what we’ve seen in our very early stages, having a lot of success with clients.

Pat Yates  10:23

You know, I would think that I know that you’re early in that process, but I would tend to think that some people even if they know about one thing they come in, they find out oh, there’s two other things I have to do. Is it better to work with you all, because you know, the scope of what they may not know, because Chuck Mullins at Quiet Light always says this, you don’t know what you don’t know, I would think that most people come in with a predetermined idea. But do you find there’s two or three things that are missing that you need to add on they need to get compliant on?

Richart Ruddie  12:11

There’s usually at least two to three teams, things that a team needs to do to integrate, we were on a call with a big CPG brand recently, and their marketing team wasn’t even familiar with the cookies that they had on their website, what their functionalities were. So there’s usually a handful of gaps. And sometimes it’s not even known what the gaps are when you’re speaking with the marketing team, who is the one that’s often creating some of the potential compliance issues?

Pat Yates  12:44

You mentioned, we talked a little bit before we were getting on about cookies consent software, something that you were passionately talking about. Talk a little bit about that, because I think a lot of people walk by that really quick, you click it and you move on. And some companies, I’m interested to know on the flip side of that, what people need to be compliant with because that’s the first time I’ve heard that term with relation that’s inside there.

Richart Ruddie  13:04

Yes, absolutely. So we’ve created the world’s fastest cookie scanner, meaning where we can go on any website, we can go to Quiet Light, we can go to medium.com, any of the potential clients’ websites, and we can scan and we could see all the cookies that they’re running on their site, first party as well as third party cookies, we can see which ones are classified as functional, which ones are for targeting. And then what we do is we can actually integrate that into our consent banner. So the scanner tells us what cookies you have, if any are identified, we can help identify and describe what the cookie’s purpose is, because you have to give consent to users, when they’re coming to your website. Think of it like this. If I was leaning over your shoulder, and looking at your phone and your computer and watching every single message you typed, every single website you went to, you would probably be a little uncomfortable with that. So most people are not okay with that. But when you think about it, if we have pixels, and we are tracking people online, it’s not that much different than having somebody leaning over your shoulder and watching everything you’re typing and everything you’re doing. So what our software does is it supplies and creates a consent banner that can be both customizable and configurable. So business owners can at least comply and have the consent popups and then allow people to choose what’s okay with them being tracked and follow what’s okay with them being targeted with what are the strictly necessary cookies that are there for functionality purposes, because cookies have so many different functions. Sometimes it’s a session login, so they’ll remember your username and password. Sometimes it’s there for credit card processing on checking out and those all require different cookies. So, oh, and other times it’s Google Analytics, where it’s saying, hey, this person came to visit this website from this location. 
So all that information is good to have from a website owner perspective. But it’s also good to make sure that you’re getting the compliance and the consent and the okay from the actual user. Otherwise, again, you risk getting fined, and it’s only going to be more prevalent in the coming years.

Pat Yates  15:27

Let’s say someone’s using and I always go back to this, we have a lot of ecommerce listeners, you know, when you go through like your direct site, whether it’s on you build on WordPress, Shopify, all that, it’s incredibly important to have that banner to make sure people are checking off on that. Is it standard in those softwares? Or do you need to add it from you? Oh, I guess that’s one thing I didn’t think about as we were talking about it.

Richart Ruddie  15:47

Yeah. So it doesn’t come standard, you need to add it. And if you don’t have any cookies, and you’re not targeting or taking in personal identifiable information, there’s not so much a need for every site to have it. But if you’re doing any sort of targeting, and you’re marketing to people in certain locales, then yes, you would need to have the consent banner in place. And that is an integration process, we’re working to make it as seamless and easy as possible. But we also offer a full-service, white glove enterprise installation process as well, for the clients who say, we want this on our website. But we need a little bit of help, what we’ll do there is we’ll run the cookie scan and will identify any of the unidentified cookies. And then we’ll go ahead and get access to their site and actually integrate and upload the JavaScript snippet. And then they’ll be compliant and have the banner but there’s settings and customizability that users should all do. And that kind of comes in the back and forth of where are you targeting? Where do you operate out of what data do you collect and information like that. And so we can just customize and make sure that they have the best possible banner that makes the most sense for them.

Pat Yates  17:02

So Captain Compliance will come in and basically do an analysis, see everything that you need, and even give you an opportunity in some situations to do an enterprise where you can actually get it cleared up by you guys helping them get it done. Is that correct?

Richart Ruddie  17:14

Correct. Yes, and even privacy policies, terms and conditions, Cookie notifications, all that information and services that we’re able to provide. And one of the other really cool services that we’re launching is a cookie transparency page. So right now, on the privacy policy, usually clients will have a list of all the cookies that they have on the website. And every time they add a new cookie, guess what they have to go in there. And they have to update that. So what we’ve created is almost like how one of the virus scans but shows that you’re up to date. And here’s the clean check and clean bill of health of a website, we’ve almost built something similar but for cookies on a website. So what it will be is it’ll update dynamically. And it’ll be a page where it’s hosted like a hosted privacy page, but a hosted page for cookies. And anytime there’s updates, it’ll show all the active cookies on a website. And then the last updated date where that scan has been done. So they no longer need to go in manually and update their cookies, they can actually just go and use our cookie transparencies page and software.

Pat Yates  18:29

I think when I consider this as an operator, let’s say that I’m trying to keep up with it. To me, it’s not even as much your first analysis but I would assume that if they’re working with you on a regular basis, if new compliance comes up, they may not know about it, are you monitoring that and helping your clients understand as they’re going forward? What those changes might be because I would tend to think they’re rapid, maybe I’m wrong.

Richart Ruddie  18:52

Every single day, there are numerous headlines even today, I could probably fire off 10 new headlines of either fines or issues of people who are coming up with a violation that they found just yesterday, there is big news of one of the biggest trusted names in Europe actually was violating GDPR. So it is a lot to track. It’s a lot to take on. And a lot of companies now are designating specific personnel solely to focus on privacy because there’s such a large swath of new privacy laws, new rulings coming out new violations. So it’s a lot to keep up with and if people can’t handle it, then we do provide services and consultancy to help track and make sure that they’re staying compliant.

Pat Yates  19:46

See I think that’s where it is. I think that’s the biggest advantage. It’s not so much. The protection is important, but having a company behind this kind of keep monitoring that it’s like you don’t, as I said before, I’ve said it twice Chuck Mullins, always use the line you don’t know what you don’t know, and in this kind of industry as much change as you could get really caught, I would think. So having this as a great fallback. I know that I haven’t covered everything Rich that you would want to talk about and Captain Compliance. When you talk cookies, I think Oreos and oatmeal, I just process I’m not even good at that stuff. So I’m sure I haven’t talked about a few things that you think our listeners should understand. So what else in Captain Compliance can they leverage when they come in and work with you?

Richart Ruddie  20:24

Yeah. So we’re also going to be launching a cloud forensic and a cyber-security due diligence, it falls in line with the GRC side of the compliance work that we offer. And that’s if you’re doing an M&A transaction, you’re doing a sale, we just help button everything up for the seller. So we can collaborate with the clients, cybersecurity teams to design and implement robust incident response strategies and certain swift and effective action, in case there ever is a security incident or how that’s handled, cybersecurity breaches as you know, have been growing tremendously. There has been an increase in premiums for the cybersecurity insurance policies just because there’s been so many claims, and they didn’t think there would be this many breaches. I’m sure we all know the case where your local utility company has been breached, and they’re not able to process your payment or an issue like that. So on our GRC side of the compliance, we can also help with that. That’s another really fascinating industry and growth that deals with a lot of the clients that Quiet Light’s probably dealing with as they’re working on an M&A transaction, how you deal with data during a potential sale transaction, you have to be careful of giving that information to the new party during the due diligence process, how you handle it, what sort of standard agreements are transferred between the two parties. So there’s, there’s a lot of miscellaneous things that really seem minute, but they can really screw up a deal. Or they can cause bigger headaches, if you don’t follow or you don’t really think about those on the M&A transaction side.

Pat Yates  22:12

That’s fascinating, especially being in that industry. That’s an amazing thing you provide. I think that it’s incredible anytime you can find someone that can help consolidate difficult information that entrepreneurs usually don’t think about, and being able to go to Captain Compliance and look all that stuff up is incredible. It’s just been an awesome conversation. Is there anything else that you’d want the listeners to know? Tell them how to get in touch with you as well?

Richart Ruddie  22:34

Yeah, definitely. So just go to captaincompliance.com, you can go and contact us through there. We’re offering the cookie scanner as well as the consent banner software through there we have a Shopify plugin we’re building now we’re building a WordPress plugin. So over the next few years, you’ll probably be seeing Captain Compliance banners, and Captain Compliance Software all over the internet. And we hope to help everybody who wants to be compliant and wants to avoid any sort of fines to be able to do so in the next few years.

Pat Yates  23:09

That’s great. I think it’s awesome. And it was kind of an unknown to me. When I came in, I knew a little bit enough to be dangerous. So we talked about this has been greatly educational. And obviously, we love anytime we can have a Quiet Light client on, we appreciate, obviously that business too. And obviously they can reach you on LinkedIn and other places to be able to reach out to you correct?

Richart Ruddie  23:28

Yeah, absolutely. So I’m on LinkedIn, and Captain Compliance is on LinkedIn as well. So feel free to connect with me over there as well. I have a great network of compliance and data privacy, both attorneys and experts within my circle now and I’m glad to help in any way whether it’s through our software, or through contacting people with compliance experts.

Pat Yates  23:53

That’s fantastic. Rich, appreciate you coming on the Quiet Light Podcast today.

Richart Ruddie  23:56

Thank you very much.

Outro  24:00

Today’s podcast was produced by Rise25 and the Quiet Light content team. If you have a suggestion for a future podcast, subject or guest, email us at [email protected]. Be sure to follow us on YouTube, Facebook, LinkedIn, Twitter and Instagram, and subscribe to the show wherever you get your podcasts. Thanks for listening. We’ll see you next week.
