Page 165 - CRC_One Report 2021_EN


Additionally, Central Retail has entered into an agreement with RIS to establish a Disaster Recovery Center to protect
the Company’s database from damage that may occur from unprecedented events. Moreover, some important systems
at both the main center and the recovery center are being considered for improvement to increase efficiency,
especially the capability to operate continuously for a longer time. A plan to transfer the information systems from
the long-established group data center to a state-of-the-art data center has also been considered. The international
standards and credibility of the data center will reduce the risk of disruption and support the growth of the business
and new technologies in the future. To support the e-commerce online channel system, Central Retail uses
cloud hosting services from leading international companies that are recognized for safety and stability.

However, although disaster recovery systems may help to operate the main operating systems during unprecedented events,
there is no guarantee that they could provide sufficient support to the Company’s business operations
if a disruption of the main operating system lasts longer than expected, or that the backup system will
work alongside the main operating system. These factors would have significant negative impacts on
Central Retail’s business operations.


In addition, Central Retail receives and/or keeps personal data of customers in its information technology system.
Such data is collected from an external service provider, e.g. The 1 Central Limited, a subsidiary of HCDS that manages
special privilege programs for The 1 members and must have access to such information of
Central Retail. Therefore, Central Retail may encounter storage and management risks that allow access to and/or
disclosure of personal data, which can be regarded as a violation of the Personal Data Protection Act B.E. 2562 (2019)
and other relevant laws. As technological threats advance, they become harder to detect and prevent, and
they may defeat the security measures of Central Retail or its external service providers in
the future, leaking the personal information of Central Retail’s customers. Gaps in the data protection measures of
Central Retail or external providers, operational mistakes, misconduct, a loss of confidentiality, system interruptions
as a result of being hacked, and non-compliance with the laws and regulations regarding privacy and information security
are all factors that may burden Central Retail with higher data protection expenses for customers, members,
related people and salespersons in its stores in order to restore these people’s trust. Additionally, it may incur increased
expenses from modifying its data systems and management methods to resolve data security issues and abide by
the related laws and regulations. Those situations may negatively and significantly affect its reputation,
have adverse effects on its competitiveness or even cause legal proceedings against Central Retail, decreasing
its sales and negatively and significantly affecting its operating results, financial position, cash flow and liquidity.
Also, a leak in Central Retail’s information security system may cause it to incur substantial expenses, devote management
resources to solving problems and invest heavily in developing its data security system, which it uses to protect
personal information from technological threats and any other efforts to reach such information. Central Retail’s operations
may be interrupted, especially in E-commerce and Omnichannel.


Central Retail has established risk response measures to keep risk within an acceptable level by appointing
persons with knowledge and capabilities as Chief Information Security Officers to be responsible for information
security and Data Protection Officers to protect personal data as stipulated by the law, as well as hiring consulting
firms to provide counsel on security systems and compliance with legal requirements. Central Retail has formulated
policies, measures, objectives, conditions and notifications, and requests consent for the collection, use
and disclosure of personal data in compliance with applicable laws. It minimizes the collection of sensitive data
(such as customer health information), employing other similar data collection methods instead, and
is cautious about the use of personal data, using only the information the customer has consented to.
In addition, salespersons at the stores are an important factor, as they are frontline staff who serve all customers.
Privacy awareness training comes down to educating the general workforce at the stores, via various forms of media,
to understand the Personal Data Protection Act, customer service practices and
the highest respect for customers’ rights. Nevertheless, in some cases, customers may still have some concerns
about unclear answers from Central Retail’s salespersons, which leads to the risk of misunderstanding for



                                                                           Annual Report 2021 (Form 56-1 One-Report)  165