Creative Connections with Business Teams, with Katie Tomashevski (Ep. 13)
Unlock effective compliance business communication by understanding stakeholder motivations. This episode explores how a creative background and unique strengths, like dyslexia, can enhance risk identification and build trust. Learn to speak the client's language for actionable guidance and real behavior change in complex environments.
Key Takeaways
- Leverage curiosity about business objectives to gain buy-in, framing compliance as a trusted advisor rather than an obstacle.
- Understand that while compliance advises on the 'how,' business units own the 'what' and accountability for data processing.
- Adapt your communication by speaking the language of the specific business unit or client to ensure guidance is understood and acted upon.
- Personal strengths, such as a background in creative industries or managing dyslexia, can be powerful assets in identifying real risks and proposing practical solutions.
- Avoid operationalizing solutions in search of a problem by first understanding what business teams genuinely want to achieve.
In episode 13 of Compliance Chronicles, host Liisa Thomas welcomes Katie Tomashevski, a distinguished British solicitor and internal auditor with a specialization in data privacy and compliance. Originally from New York and trained in London, Katie brings a unique perspective shaped by her unconventional career path from photojournalism and the entertainment industry into the complex world of regulation and data protection.
From Creative Industries to Compliance Leadership
Katie shares the fascinating story of how her early experiences in public relations, marketing, and entertainment licensing ignited her interest in law, ultimately leading her to become a "second-career solicitor." This rich background, she explains, provides her with a distinct advantage: the ability to leverage a creative mindset to connect with diverse stakeholders. This skill is crucial for translating intricate regulatory requirements into practical, actionable guidance that resonates with business teams, a core tenet of effective compliance business communication.
Navigating the Regulator and Business Landscape
Her journey also includes a significant stint as a regulator, a role she describes as moving from "poacher to gamekeeper." This dual perspective, having worked both within regulatory bodies and within the organizations they oversee, has deeply informed her approach. It allows her to understand the innate desire of businesses to achieve their goals while simultaneously ensuring they operate within the bounds of compliance. This empathetic understanding is key to fostering productive relationships and achieving sustainable compliance.
The Reality of Compliance: Beyond the "Fun Police"
The conversation delves into the often-unspoken realities of compliance work, acknowledging the common perception that "nobody likes compliance." However, Katie posits that most individuals genuinely want to do the right thing. The challenge, she argues, lies in effective communication and buy-in. She highlights that curiosity and a deep understanding of context are not just helpful but essential for gaining the trust and cooperation of business teams. This proactive and understanding approach helps compliance professionals move beyond the "fun police" stereotype and become true trusted advisors.
Leveraging Personal Strengths: Dyslexia and Context
A particularly insightful part of the discussion explores how Katie's dyslexia has unexpectedly become a powerful asset in her compliance career. Far from being a hindrance, it compels her to demand clarity, context, and upfront information. This mindset, she explains, forces her to deeply understand business objectives and identify genuine risks, thereby preventing the common pitfall of offering "solutions in search of a problem." This meticulous approach ensures that compliance efforts are directly aligned with strategic business goals.
Accountability and Data Retention: A DPO's Perspective
As a former data protection officer and internal advisor on data privacy, Katie shares a vivid cautionary tale about data retention. The story illustrates a critical lesson: while privacy and compliance teams are responsible for advising on the "how" of data processing, the business units themselves own the "what" and bear ultimate accountability for their data processing decisions. The anecdote highlights the significant risks and broken promises that arise when organizations retain personal data far longer than officially stated or legally permissible, underscoring the importance of clear data lifecycle management.
The Art of Effective Compliance Business Communication
Katie offers invaluable advice for privacy, compliance, and audit professionals at all career stages. She stresses the importance of cultivating curiosity about what people truly want to achieve and positioning oneself as a trusted advisor. Crucially, she emphasizes the art of compliance business communication: learn to speak the client's language. By mirroring the vocabulary and understanding the unique context of each business function or client group, compliance guidance becomes more effective, lands better, and ultimately drives the desired behavior change. This tailored approach is fundamental to building strong partnerships and achieving successful compliance outcomes.
If you enjoy this conversation, make sure to subscribe to Compliance Chronicles in your favorite podcast app and follow the show so you don’t miss future episodes on privacy, AI, internal audit, and real‑world compliance leadership.
Frequently Asked Questions
How can a creative background help in compliance?
A creative background can help compliance professionals connect with stakeholders, translate complex requirements into practical guidance, and understand business objectives more effectively.
Why is understanding business objectives crucial for compliance?
Understanding what people genuinely want to achieve allows compliance professionals to identify real risks and provide guidance that is practical and drives desired behavior change, rather than creating unnecessary hurdles.
What is the key to effective compliance business communication?
Effective compliance business communication involves speaking the client's or business unit's language, understanding their objectives, and acting as a trusted advisor to ensure guidance leads to real behavioral change.
How does dyslexia benefit a compliance professional?
Dyslexia can foster a demand for context, clear agendas, and upfront information, which helps in understanding business objectives, identifying true risks, and avoiding solutions that aren't needed.
speaker-0: Welcome to Compliance Chronicles, where we learn from professionals shaping the world of compliance. I'm your host, Liisa Thomas, outside Privacy and Compliance counsel, adjunct professor at Northwestern Law School, and a lifelong learner of organizational change. â personal journeys to hard-earned lessons, these the Chronicles that inspire and guide. Let's dive in. We're back with another Compliance Chronicle. episode and this time I am thrilled to welcome Katie who I'm going to turn it over to you to introduce yourself and tell us a little bit about what you do.
speaker-1: My name is Katie and I am currently working for a large company as an internal auditor. I am a qualified British solicitor in England and Wales. I'm a New Yorker, but not a New York lawyer. I'm a solicitor and I specialize in data privacy. I had a whole life before I became a lawyer and I was working in the entertainment and music industry in London for a long time, like 12 years. thought it would be fun to go to law school.
speaker-0: So let's talk a little bit about that journey. So you are now working as an auditor in the compliance privacy space, lots of related things. How did you get to where you are from the entertainment industry to the privacy world?
speaker-1: I went to Syracuse University and I have a degree in photojournalism from Newhouse School of Public Communications. And that was about, you know, telling stories. And we also had to touch on when I was studying things like libel. It's very similar to data privacy in that you have to do the balancing act. And I moved to London and I ended up working in the music and entertainment industry doing PR and marketing. And I ran my own PR and marketing for a long time. And a lot of issues came up around protecting people's art. So IP issues and also around regulatory issues for entertainment licensing. I was creative myself, so I could always speak to creative people. The music industry and entertainment industry, they play close to the sun. And a lot of people are always going to lawyers. I I could do that. But I was dyslexic, so I wasn't really sure. So on a whim, I applied for law school, Birkbeck. Birkbeck happens to be a center of excellence for dyslexia. And I had never heard of adaptations or anything like that. And they really helped me. At the same time, I started working as a regulator. in the entertainment and music industry. I was working with lot of regulatory legislation. I would like to say I was the fun police, so alcohol, entertainment, theater, football stadium, laser treatments, gambling. And it's interesting because from compliance, because I came from the other side to begin with, I felt I was quite good because when I was speaking to people as a regulator, I really was like... what do you really want to do? And they're like, well, what can I do? And I said, no, tell me what you really want to do. Like, just tell me your hopes and dreams and let's see what we can do. And with compliance, I think that's a really, really important thing. You really have to understand what people want to do. And if you're the SME, if you understand what the parameters are, you can help people make really good decisions.
speaker-0: Just turn to some of the challenges you've faced as you've been helping people live their dreams â and doing what they want.
speaker-1: Generally, in my experience, and I dealt with thousands of people, they want to do it right. There's a very, very small percentage who just are like, we don't care, let's see what we can get away with. And I think that my dyslexia, which really helped me, and it really helps me in general now with compliance, because for me to do what I do, I really need context, I really need that understanding, and that... comes from talking to people about their objectives. What do you want to do? What do you want to get out of this? And then applying the framework of a compliance into that. So the struggle is getting people on board. But you do that by being interested and curious in what they're doing and explaining it and speaking in their own language, which I think is what the training as a journalist really helped because you're trained to listen to people. and write in the language that they use. Not a lot of lawyers do that. A lot of lawyers work right in lawyer language. And a good lawyer is an interpreter. So I think the training in both really helped. So understanding what they really want out of something and then applying the compliance to that.
speaker-0: What have you learned in your journey so far?
speaker-1: People don't understand that I don't process data. They do. I'm here as your advisor. I'm your trusted advisor. So I'm not here to determine what data that you process, but the how. And it goes, again, it goes, keep going back to your objective. That was like a big thing that I needed to realize when I was a DPO, a data privacy officer. â As a DPO, explaining that to people, because that was a big learning for me, I thought they understood that. And I'm like, well, I'm not doing the processing, you are.
speaker-0: So tell me about like a situation where that came up, where they thought you were doing the processing instead of.
speaker-1: It was actually about data retention. We had a retention period. They weren't complying with it. And they didn't see the pitfalls of keeping old data. so I said, well, the decision was made in general. And I assisted that to create a retention schedule, which you were part of. You said 10 years. And I'm telling you, we've encapsulated that in our privacy notice. And so people, when they give us their personal data, they expect if they're no longer a customer or whatever, that after 10 years, it will be gone. And they're like, OK, OK. And we have 21 years, I think it was, of some data, like predated some legislation. â They were like, well, I don't see what the problem is. And I was like, the problem is, is we've told people this and you are retaining it. Okay. You know, and this took a couple months just trying. I had the ability in a meeting to actually watch the penny drop. It was his decision to not delete the data. wasn't mine. kept, I couldn't go in and delete the data. It had to be him. The solution was to keep to our retention schedule. That was a big learning. also when I was a regulator and I did carry out criminal prosecutions, one of the other things is, is some people don't care. They break the rules for them. The risk is not being caught and not being fined and not having a criminal. That's not the risk for them is just, they're making so much money. I remember being in court and this guy had just been found guilty and he kept like turning around and like he's in front of the panel judges and he's waking up and I'm like, that's weird. And because that was a learning for him, the risk was worth it. And I always felt like if I had to carry out like a prosecution or any kind of enforcement, it was I felt a failure because I had not communicated. well enough to get people within compliance.
speaker-0: any parting advice for folks that are in this space, whether they're starting out or whether they've been doing this for a while and are looking for some words of encouragement.
speaker-1: If somebody trusts you to come to you for advice, a lot of people want to show off about how smart they are. You need to do this. Get people on side, be curious. And then when you're giving your advice, try and speak their language. Each audit or each company or each client that you advise, they have their own language. So as much as you can try and speak, learn their language and speak it because I think things land better.
speaker-0: is excellent advice. Katie, thank you so much for sharing this with us and learning client's language. I hope you enjoyed this episode of Compliance Chronicles, where we look for guidance and inspiration from the personal journeys of compliance professionals.