Digitization and Data Privacy

Supporting the SDGs Goal

Goals

Digitalization project to reduce working time and increase customer satisfaction
Zero data breach or leakage incidents

Performance Highlights 2025

Implement digital projects (Production Information System, 3CadNext, SAP S/4HANA, etc.)
Appoint a Data Protection Officer (DPO) and establish a system to support data subject rights under the PDPA
Introduce cybersecurity systems such as Active Directory, Mobile Device Management, Multi-Factor Authentication, Microsoft 365, etc.
No personal data breach or leakage incidents were reported throughout 2024
Conduct Cybersecurity and PDPA training on a continuous basis

Commitment, Challenge and Opportunity

Index Living Mall Public Company Limited places great importance on personal data protection and cybersecurity, recognizing that the use of digital technology today must go hand in hand with responsible management of data subject rights. This approach aims to build trust, transparency, and operations in line with good governance principles.

The Company is committed to developing data storage and management systems that are secure, accurate, complete, and auditable, while also providing data subjects full access to their legal rights, such as the rights to access, correct, or delete their personal data.

With awareness of its role as a digital technology-driven organization, the Company operates under a clear, transparent, and legally compliant privacy policy to ensure the safe use of data, maximizing benefits for both service users and society as a whole.


Management and Operational Approach

Personal Data Protection

Index Living Mall Public Company Limited recognizes the importance of applying digital technology alongside personal data protection to build trust among stakeholders and enhance business efficiency in a stable, transparent, and sustainable manner. Therefore, the Company has established a comprehensive management framework in this area, based on relevant laws, international standards, and principles of good corporate governance.

A Clear and Auditable Governance Structure

The Company has assigned the Vice President of Information Technology (VP IT) to be responsible for information security policies, information security management, and the application of technology to support the organization’s business strategy. An Information Security Committee has also been established to monitor, oversee, and provide policy recommendations to ensure that operations are carried out in a consistent and continuous manner. In addition, the Company has formally appointed a Data Protection Officer (DPO) in accordance with personal data protection laws. The DPO is responsible for overseeing and promoting proper practices in the collection, use, disclosure, and transfer of personal data in a responsible and compliant manner.

Technology and Information Systems Management

The Company places great importance on establishing a stable IT infrastructure capable of addressing all forms of cyber threats, with key approaches including:

  • The organization has enforced Multi-Factor Authentication (MFA) for access to its information systems as a key identity control measure. This reduces the risk of unauthorized access and strengthens overall information security.
  • The organization has migrated its data center infrastructure from an on‑premise data center to colocation and cloud platforms to enhance operational stability, reduce risks from physical disasters, and significantly improve network security.
  • The organization has upgraded its email system by enhancing the Exchange Mail Server and has begun implementing Microsoft 365 (Office 365) to improve service stability, security, and system availability. This transition supports modern digital ways of working, reduces risks associated with outdated legacy systems, and elevates cybersecurity standards and long-term business continuity.
  • The organization has adopted a Security Scorecard service to continuously assess and monitor the cybersecurity posture of both the organization and its business partners using external intelligence sources. This enables management to clearly visualize cyber risks in quantitative terms, supporting effective risk management, corporate governance, and informed cybersecurity decision-making.

Establishing Security Standards According to International Guidelines

The Company adheres to information security standards, including:

  • ISO/IEC 27001: Information Security Management System (ISMS)
  • NIST Cybersecurity Framework

These standards provide a systematic approach to risk management, handling cyber threats, and protecting the organization’s information assets.

Organizational Communication and Awareness

The Company conducts training, policy communication, and awareness programs for employees on:

  • The rights of personal data subjects
  • How to comply with the PDPA
  • Vigilance against cyber threats, emphasizing that all personnel understand and actively participate in protecting the data the organization is responsible for

Innovation and Technological Transformation

Index Living Mall Public Company Limited recognizes the importance of digital technology and innovation as key mechanisms to enhance the organization’s competitiveness and respond to rapidly changing consumer behaviors in the digital era. Accordingly, the Company has established a comprehensive approach to innovation and technology, covering the development of internal business support systems, enhancement of customer experiences, and strategic data management to strengthen executive decision-making capabilities.

The development and application of these innovations and technologies are guided by three main approaches: Customer Experience Enhancement, Operational Excellence, and Smart Business Systems. These aim to drive sustainable and stable organizational growth.

Stakeholders Directly Impacted

Customers
Benefits Received
  • Receive convenient services through digital systems, such as delivery status tracking, AI-based interior design, access to benefits in a single channel, and communication through secure and reliable channels
  • Personal data is protected in accordance with legal and international standards
Potential Impacts
  • Inconvenience if digital systems malfunction or experience temporary downtime
  • Concerns arising from news about cyber threats, even if no actual impact occurs
Employees
Benefits Received
  • Receive digital tools that enhance work efficiency, reduce redundant tasks, and provide quick access to accurate information
  • Receive training on technology usage and data security
Potential Impacts
  • The burden of adapting to and learning new systems
  • Pressure to comply with strict data security measures
Shareholders
Benefits Received
  • Modern corporate image leveraging technology to enhance competitiveness
  • Reduced risks of data leakage and business disruption
Potential Impacts
  • Investment risk if digital projects fail to meet plans or are delayed
  • High initial investment costs in technology
Business Partners
Benefits Received
  • Fast, accurate, and secure data connectivity and digital transactions
  • Reduced errors in documentation and communication
Potential Impacts
  • The need to adjust work systems to align with the Company’s digital standards
  • The burden of complying with data security requirements
Communities and Society
Benefits Received
  • Benefit from the organization operating transparently with clear data protection measures
  • Promote trust in the organization and support the digital economy
Potential Impacts
  • Public concerns if even minor personal data leaks occur
  • Lack of understanding of technology and data security measures
Government and Other Agencies
Benefits Received
  • Receive complete and timely information as required
  • Facilitate verification of compliance with personal data protection laws
Potential Impacts
  • Increased workload if required to investigate cases of organizational digital system failures or data breaches
  • Dependence on the accuracy of data provided by the Company