EGCO Group places great importance on the data protection and privacy of employees, customers, suppliers, and every stakeholder. The Company stipulated strict internal guidelines for preventing data abuse, and established and publicly announced its data privacy protection policy. This is to ensure that any operation handling personal information is secure, stable, reliable, in full compliance with related laws, and trusted by the data owner. EGCO Group has established mechanisms to ensure effective compliance with the policy, as follows:

Risk management

  1. Risk management is the shared responsibility of management and employees at all levels, and it needs to continue even if the risks cannot be eradicated. Effective risk management benefits the organization. Its aim is to manage and control risks to an acceptable level, appropriate to the benefit derived from the control.
  2. Information security risks refer to any future incident that affects the confidentiality, integrity, or availability of the organization’s information system.
  3. Cyber security risks refer to any event that may happen in the future as a result of cyber threats that rely on various weaknesses and gaps to attack systems, technology equipment, and the network system, affecting the service system and the organization’s information system.

The risk management process must consist of the following main steps:

  • Identifying potential risks and impacts on information security
  • Risk assessment
  • Risk management
  • Risk monitoring and reporting

Privacy compliance

To ensure that EGCO has reliable data privacy protection that complies with the privacy policy, the company conducted data privacy audits, both internally by EGCO’s Internal Audit Division and externally by a third-party auditor. In future years, internal and external audits will refer to ISO27001.

The Internal Audit Division of EGCO has carried out an audit evaluating legal compliance with personal data protection requirements and the effectiveness of internal control, risk management, and data governance across all stakeholders within EGCO Group. The audit is intended to ensure that the company’s operation is aligned with the law and that appropriate internal controls are in place so that operations meet the company’s objective. Any significant results will be accompanied by a suggestion to further improve the operation.

For the external audit, EY Corporate Services Limited (“EY”) assisted EGCO in conducting an audit of personal data protection management. The scope of the audit covered personal data governance, personal data processing, personal data subject rights management, personal data breach management, personal data disclosures, and information security. EY gathered information by interviewing relevant stakeholders and reviewing related documents to understand EGCO’s current personal data protection management, then compared it with the Personal Data Protection Act B.E. 2562 and applicable laws to identify observations and recommendations for improving the effectiveness of personal data protection management.