We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.
Our privacy statement:
Below you can choose for which purposes you want to allow cookies on the website of De Clercq.
Attorney at law
IT, Privacy & Cybersecurity
Michelle provides advice to a variety of organisations in the fields of IT, privacy and cybersecurity, and supports entrepreneurs in trademark law matters. She specialises in compliance and compliance processes, and acts as a regular sounding board and advisor for several DPOs and CISOs.
A reliable, client-oriented professional, Michelle has a unique capacity for handling the most complex legal matters with patience and a dash of humour. She readily adapts her work and communication style to suit her clients and their target audience.
Michelle completed her Bachelor of Laws (LLB) at Radboud University Nijmegen. She went on to successfully complete the English-language Master’s in Law and Technology at Tilburg University in 2016, specialising in privacy legislation and regulation. During her career, Michelle has continued to specialise in privacy and cybersecurity, completing the specialist training for senior IT lawyers in 2018 and obtaining a number of privacy and cybersecurity certificates (specifically, CISM, CIPP/E, CIPM and CIPT).
Michelle commenced her legal career in 2016 as a legal advisor at a legal consultancy specialising in IT law. The experience she accrued in this role enabled her development to become a senior legal advisor and trainer/course leader. She then went on to work as a privacy and information security coordinator for two government ministries. Michelle joined De Clercq as an attorney in June 2021.
On a daily basis, Michelle provides advice and support to administrators, directors, DPOs and CISOs on matters relating to privacy and cybersecurity. Her work includes tasks such as setting up the necessary organisation and documentation, conducting negotiations, providing training, advising on complex matters, and performing risk analyses. Michelle also supports and advises a variety of entrepreneurs in matters such as applying for trademark registrations and monitoring these, and any procedures necessary. She works for both public/semi-public organisations and national and international commercial organisations.
Performing risk assessments and written safeguards relating to IT migration
A client’s IT environment was to be migrated to the Cloud environment of a Cloud provider with a U.S. parent company. To this end, the necessary risk analyses (DPIA and DTIA) were performed, the required contracts were negotiated, and the following-up of the improvement measures was monitored.
Negotiation and documentation for a partnership
The client was to participate in a partnership between public and non-public organisations for which the necessary documentation was drafted (contracts, privacy and cookie statements and consent declarations). All of the parties were able to agree with these, and the client’s interests were effectively represented.
Conducting DPIA for healthcare systems
The client’s healthcare system was to undergo further development. To this end, advice was provided from the Privacy and Security by Design perspective, and a DPIA was performed. The development and follow-up of the advice and the necessary improvement measures were monitored, and adjusted where necessary.
Development of a national privacy strategy
The client’s privacy organisation needed to be further professionalised and expanded. Advice was provided with respect to this, functions were proposed and the necessary policies, procedures and documents were drafted and put in place.
Preparation for certification
The client’s organisation needed to be prepared for NEN certification. Support was provided in identifying the organisation’s current status, drafting a gap analysis, and implementing necessary improvement measures.
IT, Privacy & Cybersecurity
30 January 2025
As of January 17, 2025, financial entities must comply with the cybersecurity obligations in the Digital Operational Resilience Act (DORA). On the same date, various guidelines from supervisory authorities that overlap with DORA have been withdrawn. DORA aims to make the European financial sector as a whole digitally operationally resilient.
IT, Privacy & Cybersecurity
4 April 2024
Under the GDPR, it is in principle prohibited to make automated decisions that significantly affect individuals. It is therefore not permitted, e.g., to terminate an employment contract solely on the basis of automated decision-making.
IT, Privacy & Cybersecurity
22 September 2022
Contracting with U.S. cloud service providers is a hot topic. This has everything to do with, on the one hand, the dominant position of American players in the global IT services market and, on the other hand, the strict European legislation on the transfer of personal data. Under what conditions can U.S. cloud service providers still be used? An overview and update.