ORECA : mise en conformité RGPD

For a structure as diversified as ORECA, involved in both technical and commercial activities (e-commerce, events, engineering, competition…), the challenges of an RGPD compliance programme are multiple:

1. Mapping data processing in a complex environment

ORECA operates in several businesses (BtoB and BtoC), which involves:

• Customer data processing (online shop, training courses, events…),
• HR processing (employees, drivers, service providers, trainees…),
• Data from on-board or connected systems (eg. telemetry, internship videos, etc.),
• Flow between heterogeneous systems (ERP, CRM, e-commerce platforms, marketing tools…).

👉 Challenge: establish an exhaustive and dynamic mapping of personal data processed.

2. Securing data in a high-risk digital context

• With an e-commerce shop and digital services, ORECA is exposed:
• To the risks of cyber attacks (phishing, ransomware, hacking into customer accounts, etc. ),
• To the management of access rights on various systems (internal, partners, subcontractors),
• To the issues of data storage and transfer outside the EU (technical service providers, cloud, etc.).

👉 Challenge: ensure solid, documented cyber hygiene (logging, DLP, MFA, tests…).

3. Guaranteeing the rights of data subjects

RGPD compliance implies:

• The ability to inform, give access to, rectify, delete data on request,
• The management of consents (e.g. marketing, cookies, recorded videos…),
• A fluid process for handling requests to exercise rights.

👉 Challenge: implement automated or clearly formalised operational processes.

4. Supervising subcontractors and partners

ORECA works with many service providers (logistics, payment, web platforms, analytics, etc.).
The RGPD imposes:

• Specific contractual clauses,
• Compliance checks on critical service providers (audit, DPA, etc.).

👉 Challenge: formalise and monitor obligations vis-à-vis each partner (via a register or governance tool).

5. Raising awareness among teams and instilling a culture of compliance

The RGPD is often perceived as a constraint by operational teams (marketing, IT, e-commerce, etc.). You need to:

• Train employees in good data processing practices,
• Implement clear governance (data protection delegate, referents…),
• Involve management in regular compliance monitoring.

👉 Challenge: get teams on board with data protection on a daily basis.

6. Maintaining compliance over time

Compliance is not a one-off project but an ongoing task:

• Changes in processing, new e-commerce functionalities, new partners, new risks…
• Need to keep registers alive, revise policies, test procedures…

👉 Challenge: ensure long-term, tool-based and pragmatic steering.