The evolving risk landscape with David McInerney
Posted: June 30, 2023
Cassie’s Commercial Manager, David McInerney, sat down with Nick James, Event Director at #RISK, to discuss the current state of compliance and what the future looks like for organizations navigating an increasingly complex regulatory landscape…
- How has the risk landscape changed over the last six years
- Outline of David’s role at Cassie
- Have any recent regulatory developments changed the way consent is managed for customers?
- What are the current primary challenges that clients face with regards to improving trust and engagement?
- How do you instill that trust?
- How do you approach changing an organization’s internal culture towards compliance?
How has the risk landscape changed over the six years that you’ve been at Cassie?
So it has been quite a significant six years, particularly if you look at the GDPR as being the jump-off point really. I think that on a global scale, the landscape has changed massively with the legislation that has come into effect post-GDPR.
We’ve seen significant changes in different territories as different legislation has come into effect. So there was a rush in the build-up to the GDPR in terms of how enterprise-level organizations actually looked at this.
Some looked at it as another piece of legislation to manage. Others looked at it as the ability to get ahead of the curve and to start engaging with their end users. Looking at the legislation from a positive point of view, as an opportunity for them to build trust in their brands and to engage with their end users in a more effective way.
In a better way, ultimately, because they’re talking to their consumers on the right level. So it has changed massively for me in the last six years. I came to Cassie at the start of what has been quite a meteoric rise for me personally in terms of my career development, but also at a point where we as a company have grown over that time, and the sort of enterprise-level clients that we now serve.
Could you outline what your role entails at Cassie?
On a day-to-day and on a strategic basis, I sit within the commercial team. My role is primarily to look after the accounts that we have on a global scale. So I perform an account management and account director sort of role. I’ve got a very simple mantra, really – I need to ensure that our customers are receiving good value for money and that ultimately they’re happy.
If they’re happy, they’ll stay with us, and we aim to build long-term relationships with our clients. Which is evident because we don’t churn clients. We provide a five-star service to the client base that we have.
So my job is to make sure that customers are ultimately happy and that strategically our roadmap is being driven in line with their strategies. It’s really quite simple – a happy customer will stay with you and will invest more.
Cassie as a solution is flexible to the point that we might put the solution into a deal with a day-one requirement. But as that organization grows and as they find that they are more engaged with their end-user then, then so too does Cassie grow within that organization as well.
Have any recent regulatory developments changed the way consent and preferences are managed for customers?
Cassie is growing in the territories where legislation is becoming more prevalent. So we have a big focus at the moment in expanding into North America and Canada, because that’s where there is the most change in terms of regulation from our point of view.
Of course, the state-led legislation within the US brings its own challenges and problems to enterprises that operate within those territories. They need to invest in a solution that gives them that flexibility and granularity in terms of how they engage with their end users.
So we are finding that a lot of our business and the opportunities that we’re working on fall within North America because that seems to be the most active space in terms of legislation that’s coming down the pipeline.
What are the current primary challenges that your clients face with regards to improving trust and engagement?
I think that it’s all about building trust, isn’t it? With a brand and with your end users.
The way that we find is most successful for our clients is the ability to offer that granularity, and to be flexible in their approach, but ultimately they are looking to build trust through transparency and choice.
So it’s almost like back to the basics of the GDPR legislation and I guess any subsequent legislation that’s come off the back of that has the GDPR in its roots.
So it’s getting the basics right and the ability to be able to offer that transparency and choice is a good starting point in terms of creating that trust and engagement that you need to effectively market to individuals in a meaningful way.
That means that the consent is there and that you understand how people want you to market to them ultimately. And that comes into the culture within an organization as well, in terms of building that culture and that trust is important. Trust is part of the whole marketing exercise.
How do you instill that trust?
So that culture of people getting that understanding within an organization is a tricky one. I think you’ll find that in the first few discovery calls that you have with any organization, when, we’re beginning to understand what the opportunity is and what their requirements are.
At Cassie, we’ll engage with enterprises that see it as an opportunity. Our solution once implemented and integrated into an organization means you can work out that we’re there.
I think if we are there, then it needs to be supporting a process that is. One that is offering transparency and choice and isn’t trying to blur the lines of legislation, because they’re black and white. You can do this, you can’t do that. There isn’t really any blurring of the lines.
We don’t want to engage with an organization that is trying to blur the lines in terms of legislation.
We have had instances where we’ve said that we can’t work in these sort of conditions or these parameters because it’s going against the ethos or the essence of the legislation that they work to provide a solution for.
So it’s difficult. As I said, Cassie engages with enterprises that see it as an opportunity to get to know their customers in a more meaningful way and use the consent and preference elements to their benefit.
Really I think that early adopters are giving themselves an advantage over their competition by actively displaying that they’re good custodians of data. By offering that transparency and choice to the individual so they’re more engaged and they’ll more likely stay with that organization longer because they trust that organization, which ultimately should lead to more engagement and more sales.
How do you approach changing an organization’s internal culture towards compliance?
It’s harder when some organizations just don’t have that culture. There won’t be that, it will be that old adage of I need to have the biggest database as possible, and even though only 10% of that database is engaged, they don’t care.
They don’t want to give people the opportunity to opt in or opt out, or to make it easy, for example. We’ve had those scenarios before and fundamentally we can’t change the culture within that organization because that’s what their focus is; the bigger my database size, the better it is for me, the bigger the pool it is for me to be able to market to.
When in reality, your active database size is a proportion or percentage of your total, and it’s how you engage with those people that are engaged with you to drive the business and service. So we’re trying to get businesses to understand, it’s not how big your database is anymore. I think it’s how you are interacting with the people who are active with you.
It’s difficult to change that internal culture. We find that the better clients that we work with are the ones that have multiple stakeholders on the second or third call. So they’ve thought about it, they understand what the opportunity is, and they’re bringing all of the relevant stakeholders in at an early stage.
So they all have a voice in terms of what the ultimate outcome would be and how the data flows through an organization from a consent and preference point of view.
Somebody once said to me, probably about two years before GDPR came into force, at that time, like a lot of people, I was asking questions, can you do this or will we still be allowed to do that?
And this guy said to me: look, the easiest thing to think is that, is it creepy or cool? He said, if it’s creepy, don’t do it. If it’s cool, it’s probably all right.
Effectively what GDPR has created is a swim lane.
And within that swim lane, as long as you don’t go out of it, then you are free to do whatever you want and communicate however you want, but you will find that actually you enjoy your swim more because you’re not bumping into people. You’re not crossing over.
And everyone’s getting on, David.
Yeah. I completely agree with that. We are swimming in a good lane at the moment, and our armbands are off.
We are coming into territories now where it’s the first time that they’ve done it. Whereas at Cassie we’ve done it hundreds of times. So having that experience and giving them that confidence that the end result will deliver the requirements that they need.
That’s certainly something that has developed for me over the last sort of six years or so. I sometimes forget that the people that we’re talking to initially are in a minefield that they’re trying to navigate through, in terms of what they do, what they invest in, will that give them a platform to grow with as they do.
So we are bringing that experience to territories where we are getting asked the same questions that we were six years ago in the run up to the GDPR, so they should then start to feel safe that they’re in good hands.
We’re swimming hard if we’ll carry that analogy on!
Want to know how you can ensure GDPR compliance?
Are you concerned about how to protect the personal data of your customers and employees? Want to ensure that your business remains compliant with the new GDPR regulations?
Our GDPR Guide provides a thorough overview of the regulation, including its key requirements and how to comply with them. We cover topics such as personal data access rights; data portability; breach notification; the appointment of a Data Protection Officer; and international transfers of personal information.