How RightNow made the GDPR a key part of their business model
RightNow is a consumer claims purchasing company founded in 2017 by Dr. Benedikt Quarch, Phillip Eischet and Dr. Torben Antretter. Based in Dusseldorf and Berlin, RightNow buys claims from consumers who cannot or do not wish to enforce them alone. To date, the legal tech company has helped more than 450k customers claim millions of refunds against airlines, insurance companies, fitness studios and more. They also support customers in claims against large corporations for data privacy violations. With RightNow, customers can sell their problem and claim back the money they are entitled to with ease.
Serving customers well often hinges on processing sensitive data
The GDPR shapes how businesses work with data across a range of different industries. The tech industry is no different. RightNow’s business model involves processing large amounts of customer data, from email addresses to bank details. With so many rules and regulations to comply with, RightNow needed a solution that would allow them to manage all privacy related tasks with ease.
“The GDPR is very important in the tech industry, which is why we have partnered with DataGuard – to ensure that we comply fully with every regulation,” says Dr. Benedikt Quarch, Co-Founder and Managing Director of RightNow.
Overcoming challenges together: from US data transfers to the rollout of staff training
Collaborating with services in the US is one of the biggest difficulties facing tech companies in Europe. Many cloud services are hosted in the US and as a result, huge volumes of data flow in from Europe, particularly via third-party providers. A 2020 ruling from the European Court of Justice means that companies face significant pressure to ensure that any data transferred to the US is adequately protected. “Especially after the SCHREMS judgement, we have to ensure that we are compliant when working with US-based service providers,” says Dr. Quarch. “Working with DataGuard helps us to sense-check what we are doing and ensure that we are always privacy compliant.”
For a legal-tech company like RightNow, a huge part of GDPR compliance is documentation. This is a critical but very time-consuming task. Some of the most important types of documentation include deletion concepts, data processing agreements (DPAs) with business partners, privacy impact assessments, and technical and organisational measures (TOMs). This is a task that DataGuard takes on, so that the team at RightNow can spend more time on their daily business.
“The GDPR requires us to document so many things, to fill out so many forms. We simply don’t have the time to do this. This is where DataGuard comes in – they take this task off our hands.”
RightNow’s dedicated point of contact at DataGuard is always there to support them with requests – no matter how last minute. For Dr. Quarch, having a privacy expert at hand is also helpful to have as a sparring partner to discuss privacy topics: “We collaborate well with our DataGuard privacy expert. Communication is very good. We frequently discuss new ideas and in which direction we should look to next. It helps us to think ahead.”
DataGuard’s platform also helps RightNow to implement various privacy tasks in a process-driven way, such as for the implementation of privacy training for all employees. RightNow have made DataGuard Academy part of their onboarding process. This efficient, web-based training gives Dr. Quarch and the leadership team an overview of all staff who have successfully completed the training – and acts as a user-friendly way for employees to grasp how privacy impacts their daily work. “Privacy is very important to us, so DataGuard Academy is a really good way to ensure that everyone is trained. We have had good feedback from our team.”
Leveraging the GDPR to offer a more extensive service
EU data protection laws are also a major part of RightNow’s business model. According to Article 82 of the GDPR, any person who has suffered material or non-material damage because of an infringement has the right to receive compensation from the controller or processor. RightNow have tapped into this emerging market to support consumers with claims against large corporations such as Facebook. Another example is Mastercard, whose 2019 data breach affected over 90,000 people. By actively helping those affected, RightNow has leveraged the GDPR to help support their customers to exercise their rights: “Consumers do not understand when they can make damage claims under the GDPR. In the future, awareness will grow about this, which will force companies to pay closer attention and make sure that the GDPR is also enforced by private litigation.”
Privacy awareness will continue to grow and shape the business landscape
Dr. Quarch has noticed a mindset shift in the way that businesses and consumers are thinking about privacy. The GDPR has completely altered the landscape of how companies process data. Meanwhile, public awareness for the law is strong and will only continue to grow. “When you think about most laws, nobody knows about them except for a specific interested group. But almost everyone knows about the GDPR,” he explains. “This is a huge achievement. Because of the GDPR, data protection and privacy are now widely-discussed topics in the EU.”
New privacy laws will continue to be introduced. The CCPA, introduced in California in 2018, draws a lot of parallels with the GDPR. More regulations are popping up all over the world, particularly in the US, which means that business interactions between the US and the EU will constantly evolve as a result. The team at RightNow also feel that EU privacy laws are still not totally clear in terms of what they offer to the average consumer. When the GDPR was introduced, many of the major headlines that came with it were fear-based messages about potential fines. Dr. Quarch strongly believes that private litigation based on the GDPR will become a major topic in the future. “The GDPR is a really powerful law to ensure that privacy is respected - and consumers are empowered.”
Overall, RightNow see strong data privacy practices as a key competitive advantage. The days of companies being careless or inconsistent with data are gone. Now, all businesses must ensure watertight security and processes to protect their customers.
“Strong data protection practices are a great argument in favour of a company,” explains Dr. Quarch. “People really care about this. And if customers care about it, then businesses need to care about it too. With the help of DataGuard, we make sure that we follow the highest security standards for protecting our customer’s data.”