Michelle Wijnant

Michelle Wijnant

Associate | Attorney at law

IT, Privacy & Cybersecurity

Michelle provides advice to a variety of organisations in the fields of IT, privacy and cybersecurity, and supports entrepreneurs in trademark law matters. She specialises in compliance and compliance processes, and acts as a regular sounding board and advisor for several DPOs and CISOs.

A reliable, client-oriented professional, Michelle has a unique capacity for handling the most complex legal matters with patience and a dash of humour. She readily adapts her work and communication style to suit her clients and their target audience.

Education

Michelle completed her Bachelor of Laws (LLB) at Radboud University Nijmegen. She went on to successfully complete the English-language Master’s in Law and Technology at Tilburg University in 2016, specialising in privacy legislation and regulation. During her career, Michelle has continued to specialise in privacy and cybersecurity, completing the specialist training for senior IT lawyers in 2018 and obtaining a number of privacy and cybersecurity certificates (specifically, CISM, CIPP/E, CIPM and CIPT).

Career

Michelle commenced her legal career in 2016 as a legal advisor at a legal consultancy specialising in IT law. The experience she accrued in this role enabled her development to become a senior legal advisor and trainer/course leader. She then went on to work as a privacy and information security coordinator for two government ministries. Michelle joined De Clercq as an attorney in June 2021.

Michelle’s daily practice

On a daily basis, Michelle provides advice and support to administrators, directors, DPOs and CISOs on matters relating to privacy and cybersecurity. Her work includes tasks such as setting up the necessary organisation and documentation, conducting negotiations, providing training, advising on complex matters, and performing risk analyses. Michelle also supports and advises a variety of entrepreneurs in matters such as applying for trademark registrations and monitoring these, and any procedures necessary. She works for both public/semi-public organisations and national and international commercial organisations.

Selected cases

Performing risk assessments and written safeguards relating to IT migration

A client’s IT environment was to be migrated to the Cloud environment of a Cloud provider with a U.S. parent company. To this end, the necessary risk analyses (DPIA and DTIA) were performed, the required contracts were negotiated, and the following-up of the improvement measures was monitored.

Negotiation and documentation for a partnership

The client was to participate in a partnership between public and non-public organisations for which the necessary documentation was drafted (contracts, privacy and cookie statements and consent declarations). All of the parties were able to agree with these, and the client’s interests were effectively represented.

Conducting DPIA for healthcare systems

The client’s healthcare system was to undergo further development. To this end, advice was provided from the Privacy and Security by Design perspective, and a DPIA was performed. The development and follow-up of the advice and the necessary improvement measures were monitored, and adjusted where necessary.

Development of a national privacy strategy

The client’s privacy organisation needed to be further professionalised and expanded. Advice was provided with respect to this, functions were proposed and the necessary policies, procedures and documents were drafted and put in place.

Preparation for certification

The client’s organisation needed to be prepared for NEN certification. Support was provided in identifying the organisation’s current status, drafting a gap analysis, and implementing necessary improvement measures.

Stay up to date

The latest developments

IT, Privacy & Cybersecurity

Confidentiality Justifies Direct Award by the Police

2 September 2025

Not all public contracts are subject to procurement obligations. For example, an exception applies to contracts in the field of defence and security. But what if a contracting authority invokes that exception, while a market party has doubts about its applicability?

Read more

IT, Privacy & Cybersecurity

Digital Healthcare at Large Providers: What Are the Key Points of Attention According to the Dutch Health and Youth Care Inspectorate (IGJ)?

1 September 2025

The Health and Youth Care Inspectorate (IGJ) recently published its findings on the state of digital healthcare at eight very large elderly care providers. The conclusion? While many providers have established the necessary preconditions, they do not yet demonstrably comply with information security standards such as NEN 7510. This poses a risk both to clients and to the organization itself.

Read more

IT, Privacy & Cybersecurity

Network administrator liable for damages resulting from cyberattack

18 August 2025

Jeroen van Helden authored an annotation in the journal Computerrecht regarding a recently published ruling by the District Court of Northern Netherlands. Noord-Nederland. 

Read more