Michelle attended the Bachelor of Laws (LLB) at Radboud University Nijmegen. In 2016, she successfully completed the Masters of Laws (LLM) in Law and Technology at Tilburg University, specializing in privacy law and regulation. During her career, Michelle further specialized in the field of privacy and cybersecurity. Among other things, she completed in 2018 the specialization course for (senior) IT advisor and obtained multiple certificates (CISM, CIPP/E, CIPM and CIPT) in the field of privacy and cybersecurity.


In 2016 Michelle started her legal career as a legal advisor at a legal consultancy firm in the field of IT law. Here she developed into a senior legal advisor and a trainer/course leader. She then worked as a privacy and information security coordinator for two Dutch ministries. Since June 2021, Michelle has been working as a lawyer at De Clercq.

Michelle’s daily practice

In her Day-to-Day practice, Michelle advises and supports directors, DPOs and CISOs in the field of privacy and cybersecurity. Among other things, she helps with setting up the necessary (written) organization, conducting negotiations, providing training, advising on complex legal issues and performing risk analyses. In addition, Michelle supports and advises a variety of entrepreneurs in applying for trademark registrations, the monitoring thereof and she assists in possible procedures. Michelle works for (semi) public organizations as well as (international) commercial organizations.

Selected cases

Conducting risk analyses and written safeguards around IT migration
A client’s IT environment was migrated to the Cloud environment of a Cloud provider with an American parent company. For this, the necessary risk analyses (DPIA and DTIA) were carried out, the necessary contracts were negotiated, and the follow-up of the required measures was monitored.

Negotiation and documentation for partnership
A client participated in a partnership between public and non-public organizations. For this partnership, the necessary written documentation (contracts, privacy and cookie statements and consent statements) needed to be drafted to which all the negotiating parties could agree and in which the client’s interests were represented.

Conducting DPIA for healthcare systems
A healthcare system of a client was being further developed. During the development, advice was given on the implementation of Privacy and Security by Design and a DPIA was performed. The development and the follow-up of the necessary measures was monitored and – where necessary – adjusted.

Development of privacy strategy
The client’s privacy organization had to be further professionalized and expanded. Advice was given on the privacy organization, functions were proposed, and the necessary policies, procedures and documents were drafted and implemented.

Preparing for certification
The client’s organization needed to be prepared for a NEN-certification. Support was provided by mapping the current compliance state of the organization, drafting a gap analysis and implementing necessary (improvement) measures.