Skip to Main Content
Professional Photo

Greta Messer, CIPP/US


Greta Messer is an associate in Baker Donelson's Nashville office and focuses her practice on data protection, privacy, and cybersecurity matters.

Professional Biography

As a member of the Health Law Group and Data Protection, Privacy, and Cybersecurity Team, Greta provides legal and compliance advice on all aspects of information governance, privacy compliance, cyber due diligence for corporate transactions, and vendor management. Greta assists clients with guidance concerning evolving state, federal, and international privacy laws and regulations, including the General Data Protection Regulation (GDPR), Federal Trade Commission Act (FTC Act), Health Insurance Portability and Accountability Act (HIPAA), and emerging state privacy laws.

Greta is a Certified Information Privacy Professional (CIPP/US). She routinely advises clients in the development of platform agreements, terms of use, and compliance policies related to client privacy, cybersecurity, and information practices. Greta also has experience advising clients in a variety of transactions, including the drafting and negotiation of licensing, confidentiality, vendor, and other service provider agreements, as well as related data processing agreements and business associate agreements.

While in law school, Greta served as an extern for the Arts & Business Council of Nashville, where she now participates in the Volunteer Lawyers & Professionals for the Arts.

  • Assisted in structuring, drafting, and negotiating technology, software, vendor, and other service provider agreements and business associate agreements.

  • Assisted in the creation of privacy notices for retailers, distributors, health care providers, health care technology companies, mobile applications, non-profit organizations.

  • Worked with clients to develop external notices and internal policies to facilitate compliant data collection and handling, including privacy notices, data privacy policies and privacy risk assessments.

  • Assisted a multinational corporation with pre-closing IT and privacy diligence and post-closing remediation.

  • Assisted a pharmaceutical manufacturer with the development and implementation of a HIPAA compliance program.

  • Advised clients across a broad range of industries on data protection compliance matters, including data mapping, updating privacy policies, developing consumer request procedures, and reviewing third-party contract terms.

  • Assisted clients in a range of industries on GDPR compliance issues, including responding to data subject requests, assessing lawful bases for processing personal data, updating privacy policies, and implementing EU Model Clauses to validate cross-border data transfers.


  • Vanderbilt University School of Law, J.D., 2019
    • Publication Editor – Vanderbilt Journal of Entertainment and Technology Law
  • Vanderbilt University, B.A. in English, 2015, cum laude


  • Tennessee, 2019

Email Disclaimer

NOTICE: The mailing of this email is not intended to create, and receipt of it does not constitute an attorney-client relationship. Anything that you send to anyone at our Firm will not be confidential or privileged unless we have agreed to represent you. If you send this email, you confirm that you have read and understand this notice.
Cancel Accept