Michelle Wijnant

Michelle Wijnant

Attorney at law

IT, Privacy & Cybersecurity

Michelle provides advice to a variety of organisations in the fields of IT, privacy and cybersecurity, and supports entrepreneurs in trademark law matters. She specialises in compliance and compliance processes, and acts as a regular sounding board and advisor for several DPOs and CISOs.

A reliable, client-oriented professional, Michelle has a unique capacity for handling the most complex legal matters with patience and a dash of humour. She readily adapts her work and communication style to suit her clients and their target audience.

Education

Michelle completed her Bachelor of Laws (LLB) at Radboud University Nijmegen. She went on to successfully complete the English-language Master’s in Law and Technology at Tilburg University in 2016, specialising in privacy legislation and regulation. During her career, Michelle has continued to specialise in privacy and cybersecurity, completing the specialist training for senior IT lawyers in 2018 and obtaining a number of privacy and cybersecurity certificates (specifically, CISM, CIPP/E, CIPM and CIPT).

Career

Michelle commenced her legal career in 2016 as a legal advisor at a legal consultancy specialising in IT law. The experience she accrued in this role enabled her development to become a senior legal advisor and trainer/course leader. She then went on to work as a privacy and information security coordinator for two government ministries. Michelle joined De Clercq as an attorney in June 2021.

Michelle’s daily practice

On a daily basis, Michelle provides advice and support to administrators, directors, DPOs and CISOs on matters relating to privacy and cybersecurity. Her work includes tasks such as setting up the necessary organisation and documentation, conducting negotiations, providing training, advising on complex matters, and performing risk analyses. Michelle also supports and advises a variety of entrepreneurs in matters such as applying for trademark registrations and monitoring these, and any procedures necessary. She works for both public/semi-public organisations and national and international commercial organisations.

Selected cases

Performing risk assessments and written safeguards relating to IT migration

A client’s IT environment was to be migrated to the Cloud environment of a Cloud provider with a U.S. parent company. To this end, the necessary risk analyses (DPIA and DTIA) were performed, the required contracts were negotiated, and the following-up of the improvement measures was monitored.

Negotiation and documentation for a partnership

The client was to participate in a partnership between public and non-public organisations for which the necessary documentation was drafted (contracts, privacy and cookie statements and consent declarations). All of the parties were able to agree with these, and the client’s interests were effectively represented.

Conducting DPIA for healthcare systems

The client’s healthcare system was to undergo further development. To this end, advice was provided from the Privacy and Security by Design perspective, and a DPIA was performed. The development and follow-up of the advice and the necessary improvement measures were monitored, and adjusted where necessary.

Development of a national privacy strategy

The client’s privacy organisation needed to be further professionalised and expanded. Advice was provided with respect to this, functions were proposed and the necessary policies, procedures and documents were drafted and put in place.

Preparation for certification

The client’s organisation needed to be prepared for NEN certification. Support was provided in identifying the organisation’s current status, drafting a gap analysis, and implementing necessary improvement measures.

Stay up to date

The latest developments

IT, Privacy & Cybersecurity

ICT service provider for the notarial profession? Don’t forget the Notarial Information Security Code of Conduct!

5 June 2025

In recent years, we’ve seen that new laws and regulations are placing increasingly specific requirements on ICT service providers. Consider, for example, the GDPR (which outlines tasks and responsibilities for the “processor”), the Cybersecurity Act (which mandates supply chain security and directly applies to “business-to-business ICT service providers”), and the AI Regulation (which imposes specific obligations and responsibilities on the “provider”). It’s no surprise, then, that this trend is also reflected in more and more guidelines and codes of conduct, including the Notarial Information Security Code of Conduct (hereinafter: “KNB Code of Conduct”). Given that the Royal Dutch Notarial Association (KNB) had 3.497 members at the beginning of 2025, there’s a good chance that, as an ICT service provider, you count at least one affiliated notary among your clients. This blog outlines what the Code of Conduct means for you as an ICT service provider.

Read more

IT, Privacy & Cybersecurity

Concerns about the review committee? The court sees no issue

27 May 2025

When the municipality of Amersfoort intended to award a contract for a management system to the winning bidder, a losing bidder initiated preliminary relief proceedings. The bidder questioned the expertise and independence of the review committee. In his ruling, the preliminary relief judge provides a clear overview of the legal framework applicable to such a situation.

Read more

IT, Privacy & Cybersecurity

One in five Dutch companies suffered damage as a result of a cyberattack in 2024

22 May 2025

Among large companies, this even applies to three out of ten businesses, according to one of the conclusions of a study by ABN AMRO.

Read more