Privacy Protection and Cybersecurity Overview
Why is this Important?
The Company’s internal information is an asset that must be protected effectively. Hence, EGCO Group established the IT Security Policy to create data security and ensure the safety of computer systems or any data-related IT systems. This is to prevent, prepare, and reduce the risk of cyber threats ensuring that the Company has appropriate cybersecurity risk management and avoids any damages affecting the security of information. This also prevents cybercrimes, attacks, sabotage, espionage, and other mistakes and ensures compliance with the Cybersecurity Act B.E. 2562 (2019) and Personal Data Protection Act B.E. 2562 (2019). The 3 fundamental IT security components are
Furthermore, EGCO Group conducted security awareness training for executives every year to reduce the risk of data leaks from cyber threats. EGCO Group also established a working group on policy and guideline development on personal data protection to manage, monitor, and assess the impacts, as well as to implement relevant actions on personal data protection that are within the regulatory frameworks.
Stakeholder Impact on Materiality Topics
Privacy Protection and Cybersecurity Target
Privacy Protection and Cybersecurity Governance
The risk Oversight Committee stipulates an internal audit policy regarding risk management activities as well as investigates IT development-related operations regularly.Explore more
EGCO Group stipulated and published IT security and cybersecurity policy for every employee, including external parties providing services for EGCO Group, to use as an operational guideline on IT-related tasks, ensuring full compliance with related laws.Explore more
IT Security/ Cybersecurity Process & Infrastructure
EGCO Group’s IT Security System was certified ISO/IEC 27001:2013 which covers processes such as grievance management, change management, document control, asset utilization monitoring, etc.Explore more
Data Privacy Protection
EGCO Group places great importance on the data protection and privacy of employees, customers, suppliers, and every stakeholder. The Company stipulated strict internal data abuse prevention guidelines as well as established and announced the data privacy protection policy publicly.Explore more
Policies, Requirements and Performance
Personal Data Protection Act (PDPA) Statement
Personal Data Protection Policy
End User Security Guideline
Information Technology Development and Cyber Security Oversight Committee
Privacy Notice for External Data Subjects
Consent Form for External Data Subjects
Application Form for Exercise of the Rights of Data Subject
Personal Data Breach Notification Form
Updated as of March 2023
The information reported above was prepared in accordance with the Global Reporting Initiative Standards (GRI Standards). It has been audited by an external party and has received limited assurance through the 2022 Annual Report.