Gregory Szewczyk

Greg Szewczyk is a partner in Ballard Spahr’s Denver and Boulder offices and Practice Leader of the Privacy and Data Security Group. Greg leverages a career that includes both high-stakes transactions and litigation to help companies take a practical approach to assessing risk and complying with the ever-expanding patchwork of state, federal, and international privacy and data security statutes and regulations.
Greg helps companies of all sizes, from Fortune 500s to start ups, build and maintain their privacy and data security programs. He has advised hundreds of companies on various compliance issues—from the use of artificial intelligence to vendor management to routine data processing matters that arise in day-to-day business—relating to the Colorado Privacy Act (CPA), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the General Data Protection Regulation (GDPR), the Payment Card Industry Data Security Standards (PCI DSS), the Illinois Biometric Information Privacy Act (BIPA), the Gramm-Leach-Bliley Act (GLBA), state financial privacy laws, the Telephone Consumer Privacy Act (TCPA), and various other laws and regulations. Greg also advises clients in connection with corporate transactions, such as mergers, acquisitions, and partnerships. In doing so, he helps his clients assess the potential risks involved and develop creative solutions to data issues.