Cybersecurity and Privacy Protection

Central Retail recognizes the risk of cyber-attacks and the leakage of personal information from the use of digital technology in business operations in the age of digital transformation. Therefore, it is imperative to create a secure connection to information throughout the organization and develop an Omnichannel platform. Central Retail has implemented measures to maintain cybersecurity and stability of the information system, including respecting the rights and privacy of personal data.

Management Approach

Cybersecurity

Central Retail has set up a cybersecurity and data protection unit to oversee the stability of information systems, whereby the risk policy committee, Chief Information Security Officer (CISO), and professional-level employees are closely responsible for cybersecurity management. In addition, a strict security system is installed at the data center to prevent physical damage from emergency situations. Furthermore, Central Retail has set guidelines and frameworks for the management of information technology systems that employees and related parties must strictly follow, in compliance with legal regulations and international standards. Moreover, Central Retail has organized training for employees, from new employees to executives, in order to communicate, create, and promote awareness of the importance of cybersecurity in accordance with the aforementioned standards.

Personal Data Protection

Central Retail values and is committed to the protection of rights and privacy, as well as the prevention of breaches of personal information of its customers, business partners, employees and relevant stakeholders. Central Retail has established a Personal Data Protection Unit and appointed a Data Protection Officer (DPO) to oversee and set a framework for operations in accordance with the Personal Data Protection Act (PDPA), which has set and enforced regulations regarding Personal Data Handling Procedure. This practice aims to prevent violations and maintain the rights and privacy of the personal data subject. In addition, Central Retail has announced its Privacy Policy to the public, both on the Central Retail website and at the customer service area of a department store, as well as any other points where personal data is collected, to create transparency in the use of personal data.

Cyber Security Process

Monthly Meeting
Organize a monthly Security Committee Meeting (SCM) between working groups and IT executives of each sub-group.
Risk Assessment
Collect and exchange cybersecurity information to assess risks and prepare for cyber threats.
Implementation Framework
Develop guidelines and frameworks for compliance with Center for Internet Security Control (CIS) and National Institute of Standards and Technology – Cyber Security Framework (NIST-CSF) standards or guidelines.

Personnel Training to Raise Awareness on Cyber Threats and Cyber Crimes

Central Retail pays attention to the development of employees' knowledge and abilities through the “Cybersecurity E-Learning” online training program, aimed at educating employees about the principles and importance of personal data and security of the information system in the organization. All employees participate in creating a positive impact on performance in the work process, customer service, and corporate sustainability in the social dimension.

Data Management Platform to Promote Data Governance and Privacy Policy Compliance

Central Retail emphasizes data protection and management of customer information through the implementation of effective data management and governance frameworks to enhance information management processes and create an internal data governance framework that meets international standards. Central Retail has invested in a data management and governance platform for its business operations in order to comply with the policies, rules, regulations and requirements set forth, including the use of Record of Processing Activities (RoPA).