Skip to Main Content
Professional Photo

Greta Messer, CIPP/US


Greta Messer is an associate in Baker Donelson's Nashville office and focuses her practice on data protection, privacy, and cybersecurity matters.

Professional Biography

As a member of the Data Protection, Privacy, and Cybersecurity Team, Greta provides legal and compliance advice on all aspects of information governance, privacy compliance, cyber due diligence for corporate transactions, and vendor management. Greta assists clients with guidance concerning evolving state, federal, and international privacy laws and regulations, including the General Data Protection Regulation (GDPR), Federal Trade Commission Act (FTC Act), Health Insurance Portability and Accountability Act (HIPAA), and emerging state privacy laws.

Greta is a Certified Information Privacy Professional (CIPP/US). She routinely advises clients concerning privacy, cybersecurity, and information practices, including assistance with data protection strategies, structuring and implementation of compliance programs, website technology compliance, and counseling on other day-to-day privacy and data security questions. Greta also has experience advising clients in a variety of transactions, including the drafting and negotiation of licensing, confidentiality, vendor, and other service provider agreements, as well as related data processing agreements and business associate agreements.

While in law school, Greta served as an extern for the Arts & Business Council of Nashville, where she now participates in the Volunteer Lawyers & Professionals for the Arts.

  • Assisted clients in structuring, drafting, and negotiating technology, software, vendor, and other service provider agreements and data processing agreements.

  • Assisted in the creation of privacy notices for clients of various sizes and industries, including retailers, manufacturers, distributors, mobile applications, and non-profit organizations.

  • Advised multinational retailers regarding requirements for targeted advertising under recently enacted state privacy laws.

  • Worked with clients to develop external notices and internal policies to facilitate compliant data collection and handling, including privacy notices, data privacy policies and privacy risk assessments.

  • Assisted businesses of various sizes and industries with pre-closing IT and privacy diligence and post-closing remediation.

  • Advised clients across a broad range of industries on data protection compliance matters, including data mapping, updating privacy policies, developing consumer request procedures, and reviewing third-party contract terms.

  • Assisted clients in a range of industries on GDPR compliance issues, including responding to data subject requests, assessing lawful bases for processing personal data, updating privacy policies, and implementing EU Model Clauses to validate cross-border data transfers.

  • Assisted with the negotiation of hardware and software platform agreements concerning facility security, ticketing, and player metrics for multiple professional sports franchises, including related data licensing and data processing agreements.


  • Vanderbilt University School of Law, J.D., 2019
    • Publication Editor – Vanderbilt Journal of Entertainment and Technology Law
  • Vanderbilt University, B.A. in English, 2015, cum laude


  • Tennessee, 2019

Email Disclaimer

NOTICE: The mailing of this email is not intended to create, and receipt of it does not constitute an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.
Cancel Accept