Privacy Protection and Cybersecurity Overview
Why is this Important?
The Company’s internal information is an asset that must be protected effectively. Hence, EGCO Group established the IT Security Policy to create data security and ensure the safety of computer systems or any data-related IT systems. This is to prevent, prepare, and reduce the risk of cyber threats ensuring that the Company has appropriate cybersecurity risk management and avoids any damages affecting the security of information. This also prevents cybercrimes, attacks, sabotage, espionage, and other mistakes and ensures compliance with the Cybersecurity Act B.E. 2562 (2019) and Personal Data Protection Act B.E. 2562 (2019). The 3 fundamental IT security components are
Furthermore, EGCO Group conducted security awareness training for executives every year to reduce the risk of data leaks from cyber threats. EGCO Group also established a working group on policy and guideline development on personal data protection to manage, monitor, and assess the impacts, as well as to implement relevant actions on personal data protection that are within the regulatory frameworks.
Stakeholder Impact on Materiality Topics
Management Approach
Privacy Protection and Cybersecurity Target

Privacy Protection and Cybersecurity Governance
The risk Oversight Committee stipulates an internal audit policy regarding risk management activities as well as investigates IT development-related operations regularly.
Explore more
Cybersecurity Measures
EGCO Group stipulated and published IT security and cybersecurity policy for every employee, including external parties providing services for EGCO Group, to use as an operational guideline on IT-related tasks, ensuring full compliance with related laws.
Explore more
IT Security/ Cybersecurity Process & Infrastructure
EGCO Group’s IT Security System was certified ISO/IEC 27001:2013 which covers processes such as grievance management, change management, document control, asset utilization monitoring, etc.
Explore more
Data Privacy Protection
EGCO Group places great importance on the data protection and privacy of employees, customers, suppliers, and every stakeholder. The Company stipulated strict internal data abuse prevention guidelines as well as established and announced the data privacy protection policy publicly.
Explore moreRelated Documents
Policies, Requirements and Performance
-
Sustainability Manual
-
Personal Data Protection Act (PDPA) Statement
-
Personal Data Protection Policy
-
End User Security Guideline
-
Information Technology Development and Cyber Security Oversight Committee
-
Privacy Notice for External Data Subjects
-
Consent Form for External Data Subjects
-
Application Form for Exercise of the Rights of Data Subject
-
Personal Data Breach Notification Form
Performance Data
Updated as of March 2023
The information reported above was prepared in accordance with the Global Reporting Initiative Standards (GRI Standards). It has been audited by an external party and has received limited assurance through the 2022 Annual Report.