Digitization and Data Privacy
Supporting the SDGs Goal
Goals
Performance Highlights 2024
Commitment, Challenge and Opportunity
Index Living Mall Public Company Limited places great importance on personal data protection and cybersecurity, recognizing that the use of digital technology today must go hand in hand with responsible management of data subject rights. This approach aims to build trust, transparency, and operations in line with good governance principles.
The Company is committed to developing data storage and management systems that are secure, accurate, complete, and auditable, while also providing data subjects full access to their legal rights, such as the rights to access, correct, or delete their personal data.
With awareness of its role as a digital technology-driven organization, the Company operates under a clear, transparent, and legally compliant privacy policy to ensure the safe use of data, maximizing benefits for both service users and society as a whole.
Management and Operational Approach
Personal Data Protection
Index Living Mall Public Company Limited recognizes the importance of applying digital technology alongside personal data protection to build trust among stakeholders and enhance business efficiency in a stable, transparent, and sustainable manner. Therefore, the Company has established a comprehensive management framework in this area, based on relevant laws, international standards, and principles of good corporate governance.
A Clear and Auditable Governance Structure
Technology and Information Systems Management
Establishing Security Standards According to International Guidelines
Organizational Communication and Awareness
A Clear and Auditable Governance Structure
The Company assigns the Chief Information Officer (CIO) to be responsible for information security policies and the application of technology to support the organization’s strategy. An Information Security Committee is established to monitor, oversee, and provide policy recommendations to ensure that operations are conducted consistently and in alignment with organizational objectives.
At the same time, the Company has officially appointed a Data Protection Officer (DPO) as required by personal data protection law, to oversee and promote proper practices in the collection, use, disclosure, or transfer of personal data responsibly.
Technology and Information Systems Management
The Company places great importance on establishing a stable IT infrastructure capable of addressing all forms of cyber threats, with key approaches including:
- Using Active Directory and Mobile Device Management (MDM) systems to control system access rights and prevent data leakage from devices used within the organization.
- Migrating data centers from on-premise to modern colocation and cloud platforms to enhance operational stability, reduce risks from physical disasters, and improve network security effectively.
- Upgrading secure email systems, such as Microsoft Exchange Server, to the latest version to enable encrypted email transmission, prevent interception of sensitive information, and implement effective access logging.
- Continuously updating hardware and software systems to address emerging cybercrime, prevent unauthorized data access, and support business growth and flexible operations in the digital era.
Establishing Security Standards According to International Guidelines
The Company adheres to information security standards, including:
- ISO/IEC 27001: Information Security Management System (ISMS)
- NIST Cybersecurity Framework
These standards provide a systematic approach to risk management, handling cyber threats, and protecting the organization’s information assets.
Organizational Communication and Awareness
The Company conducts training, policy communication, and awareness programs for employees on:
- The rights of personal data subjects
- How to comply with the PDPA
- Vigilance against cyber threats, emphasizing that all personnel understand and actively participate in protecting the data the organization is responsible for
Innovation and Technological Transformation
Index Living Mall Public Company Limited recognizes the importance of digital technology and innovation as key mechanisms to enhance the organization’s competitiveness and respond to rapidly changing consumer behaviors in the digital era. Accordingly, the Company has established a comprehensive approach to innovation and technology, covering the development of internal business support systems, enhancement of customer experiences, and strategic data management to strengthen executive decision-making capabilities.
The development and application of these innovations and technologies are guided by three main approaches: Customer Experience Enhancement, Operational Excellence, and Smart Business Systems. These are aiming at driving sustainable and stable organizational growth.
Stakeholders Directly Impacted
Customers
Benefits Received
- Receive convenient services through digital systems, such as delivery status tracking, AI-based interior design, access to benefits in a single channel, and communication through secure and reliable channels
- Personal data is protected in accordance with legal and international standards
Potential Impacts
- Inconvenience if digital systems malfunction or experience temporary downtime
- Concerns arising from news about cyber threats, even if no actual impact occurs
Employees
Benefits Received
- Receive digital tools that enhance work efficiency, reduce redundant tasks, and provide quick access to accurate information
- Receive training on technology usage and data security
Potential Impacts
- The burden of adapting to and learning new systems
- Pressure to comply with strict data security measures
Shareholders
Benefits Received
- Modern corporate image leveraging technology to enhance competitiveness
- Reduce risks of data leakage and business disruption
Potential Impacts
- Investment risk if digital projects fail to meet plans or are delayed
- High initial investment costs in technology
Business Partners
Benefits Received
- Fast, accurate, and secure data connectivity and digital transactions
- Reduce errors in documentation and communication
Potential Impacts
- The need to adjust work systems to align with the Company’s digital standards
- The burden of complying with data security requirements
Communities and Society
Benefits Received
- Benefit from the organization operating transparently with clear data protection measures
- Promote trust in the organization and support the digital economy
Potential Impacts
- Public concerns if even minor personal data leaks occur
- Lack of understanding of technology and data security measures
Government and Others Agencies
Benefits Received
- Receive complete and timely information as required
- Facilitate verification of compliance with personal data protection laws
Potential Impacts
- Increased workload if required to investigate cases of organizational digital system failures or data breaches
- Dependence on the accuracy of data provided by the Company
Activities
