Michelle completed her Bachelor of Laws (LLB) at Radboud University Nijmegen. She went on to successfully complete the English-language Master’s in Law and Technology at Tilburg University in 2016, specialising in privacy legislation and regulation. During her career, Michelle has continued to specialise in privacy and cybersecurity, completing the specialist training for senior IT lawyers in 2018 and obtaining a number of privacy and cybersecurity certificates (specifically, CISM, CIPP/E, CIPM and CIPT).


Michelle commenced her legal career in 2016 as a legal advisor at a legal consultancy specialising in IT law. The experience she accrued in this role enabled her development to become a senior legal advisor and trainer/course leader. She then went on to work as a privacy and information security coordinator for two government ministries. Michelle joined De Clercq as an attorney in June 2021.

Michelle’s daily practice

On a daily basis, Michelle provides advice and support to administrators, directors, DPOs and CISOs on matters relating to privacy and cybersecurity. Her work includes tasks such as setting up the necessary organisation and documentation, conducting negotiations, providing training, advising on complex matters, and performing risk analyses. Michelle also supports and advises a variety of entrepreneurs in matters such as applying for trademark registrations and monitoring these, and any procedures necessary. She works for both public/semi-public organisations and national and international commercial organisations.

Selected cases

Performing risk assessments and written safeguards relating to IT migration

A client’s IT environment was to be migrated to the Cloud environment of a Cloud provider with a U.S. parent company. To this end, the necessary risk analyses (DPIA and DTIA) were performed, the required contracts were negotiated, and the following-up of the improvement measures was monitored.

Negotiation and documentation for a partnership

The client was to participate in a partnership between public and non-public organisations for which the necessary documentation was drafted (contracts, privacy and cookie statements and consent declarations). All of the parties were able to agree with these, and the client’s interests were effectively represented.

Conducting DPIA for healthcare systems

The client’s healthcare system was to undergo further development. To this end, advice was provided from the Privacy and Security by Design perspective, and a DPIA was performed. The development and follow-up of the advice and the necessary improvement measures were monitored, and adjusted where necessary.

Development of a national privacy strategy

The client’s privacy organisation needed to be further professionalised and expanded. Advice was provided with respect to this, functions were proposed and the necessary policies, procedures and documents were drafted and put in place.

Preparation for certification

The client’s organisation needed to be prepared for NEN certification. Support was provided in identifying the organisation’s current status, drafting a gap analysis, and implementing necessary improvement measures.