Lisa Zolidis

Lisa Zolidis is a Partner in the firm’s Privacy and Cybersecurity practice, bringing more than two decades of experience leading global privacy programs for Fortune 500 companies and fast-growing innovators alike. 

Lisa is known for her ability to align legal strategy with business goals and build privacy programs that are not only compliant but scalable and sustainable. She regularly advises clients on data protection impact assessments, privacy-by-design for AI and emerging technologies, global data transfer frameworks, third-party risk management, and cross-border compliance strategies. Her expertise includes data protection and privacy law in the US, UK and EU GDPR, Israel, China, Japan, Philippines, South Korea, Canada and Mexico.

Lisa has built and scaled privacy and data governance functions across the technology, health data, manufacturing, transportation and business services sectors, serving in senior roles at Dell, American Airlines, NI (now part of Emerson), TaskUs, and most recently Datavant. Her leadership has consistently delivered enterprise-wide risk reduction, operationalized compliance with evolving global regulations, and supported complex business initiatives including M&A integration, product development, and international expansion. She has created strong programs with flexibility and innovation in mind to help companies not only meet business goals and establish a culture of compliance, but also satisfy regulatory inspection and a range of audit control standards.

At Datavant, Lisa served as Head of Global Privacy and Data Governance, where she strengthened the company’s privacy program and regulatory posture across GDPR, HIPAA, CCPA and beyond. Prior to that, she created and led privacy operations at NI through its acquisition by Emerson, transforming a fledgling compliance function into a modern, risk-based program. At Dell, she developed privacy and data protection policies, contracts and infrastructure across the company, advised on personal data elements of more than 30 acquisitions and divestitures, spearheaded multiple GDPR readiness workstreams and extended consistent privacy practices across 300 legal entities for the company’s landmark merger with EMC.