Sustainability Projects
Privacy Protection 2022
The growth of digital systems and online platforms in today’s world has resulted in the proliferation of platforms that collect personal data. While this data is undeniably useful and can generate insights on how these platforms can be improved to better meet user needs and create more engaging user experiences, personal data may also be used in ways that are harmful to the data subject, such as when it is sold to other parties or used to commit identity theft.
In order to prevent the misuse of personal data, the Thai government enacted the Personal Data Protection Act B.E. 2562 (2019) (PDPA) to regulate the protection of personal data. The PDPA prohibits organizations that collect personal data from disclosing that data or using it beyond the scope of what it has received consent to do.
For EGCO Group, safeguarding the privacy and personal data of our stakeholders while securing organizational data are both forefront priorities for the business. The Company has thus defined guidelines to ensure that the collection, storage, and use of data by our organization is done efficiently and in strict compliance with privacy standards. The Information Technology Development and Cyber Security Oversight Committee and Working Group were appointed to safeguard data privacy and prevent the misuse of personal data and organizational data. Furthermore, to make certain that EGCO Group employees understand the importance of personal data protection, the Company has organized training on the importance of personal data and the Personal Data Protection Act for all employees.
PDPA B.E. 2562 (2019) Awareness Training
The PDPA Awareness Training Program was organized to ensure that all EGCO Group employees understand the purpose and principles of the Personal Data Protection Act B.E. 2562 (2019) (PDPA) and are able to identify how the law will affect the Company and its strategy.
The PDPA Awareness Training Program is mandatory for all employees and regularly organized on an annual basis. It has also been integrated into the Company’s online learning platform.
The key topics covered in the training include:
- Overview of the Personal Data Protection Act B.E. 2562 (2019) (PDPA)
- Impacts on the Company’s strategy
- Preventing data loss and data leakage
- Respecting the rights of data subjects
- Impacts and taking precautions at work.
- Function-specific impacts
- Records of Processing Activities (ROPA)
Furthermore, EGCO Group has established a policy and work procedure on personal data protection and communicated the policy and work procedure to all employees. Employees are required to sign their commitment to respect the principles of personal data privacy.
Benefits of the Project
- EGCO Group employees understand the key principles of the Personal Data Protection Act B.E. 2562 (2019), or PDPA, and are aware of how the law affects the Company.
- EGCO Group employees understand the relevant organizational processes and are able to respond to data loss or leakage incidents if they occur.
Implementation Approach
- Implement the training as a mandatory program and regularly organize the training for all EGCO Group employees on an annual basis, using a hybrid approach to accommodate both online and in-person attendees.
2022 Performance
PDPA in Practice Training
The PDPA in Practice Training Program ensures that all EGCO Group employees know their roles and responsibilities to ensure compliance with the PDPA. The Program trains employees on the importance of data collection, data storage, and data misuse prevention, and outlines the disciplinary actions that may result if the law is violated.
The PDPA in Practice Training is mandatory for all employees and regularly organized on an annual basis. All employees are required to pass this training.
The key topics covered in the training include:
- Corporate responsibility to comply with the PDPA
- Disciplinary actions in case of breach
- Data privacy, information security/ cybersecurity incident management. Case Studies from the Energy Industry and Other Businesses
- Good Practices in Personal Data Protection
- Summary of Legal Frameworks and Guidelines for Authorities
Benefits of the Project
- EGCO Group employees understand the Personal Data Protection Act B.E. 2562 (2019) (PDPA), appreciate their roles as data protectors and are cautious of disciplinary action that may result if the law is violated.
- EGCO Group employees can complete work processes that include the handling of personal data with caution and in compliance with the PDPA.
Implementation Approach
- Implement the training as a mandatory program and regularly organize the training for all EGCO Group employees on an annual basis, using a hybrid approach to accommodate both online and in-person attendees.
2022 Performance