Business Overview and Performance      Corporate Governance     Financial Statements   Enclosure



         Central Retail’s intention, and customers may feel that they are not being treated fairly by the law. In such cases,
         customers can contact or deliver their inquiry to dpo@central.co.th. Furthermore, Central Retail is aware of how to
         prevent and cope with the cyber-attacks, including strong data governance and communications with
         an emphasis on cyber security throughout the organization. Central Retail has developed and reviewed
         the Information Security Policy and the Customer Data Handling Policy in accordance with the changes
         in technology and strongly communicate these policies to all employees of the Company. Central Retail continues
         to apply high level of standard technology for security system in hardware, software, and communication networks,
         together with up-to-date antivirus software system, patch software, backup facility, and an access to main systems
         granted only to those authorized. Central Retail has also educated and raised awareness among employee
         throughout the organization about IT security issues through various communication channels within
         the organization. Nonetheless, all cyber operations without appropriate control might cause a gap where
         hostile criminals might use other new methods to damage the Company’s business, reputation and credibility.

         Central Retail has in possession and manage the personal information of ordinary people in the European Union,
         especially those of Rinascentecard members and personal information of its employees. Using and managing
         such information is governed by laws and regulations enforced in the European Union and Italy. If Central Retail
         or The  1 Loyalty Program violates the privacy or confidentiality  of the data or cannot carry out or follow
         the applicable criteria, including the EU Regulation no. 2016/679 (GDPR) in force on 24 May 2016 and
         applicable to all countries in the European Union on 25 May 2018; and Italy’s Legislative Decree 196/2003
         (“Data Protection Code”); Central Retail may be significantly liable to administrative, civil or criminal penalties,
         fined and defamed. Central Retail is currently in the process of data protection impact assessment and preparation
         of confidential policy or agreements regarding its employee data transfer to receivers outside the European Union
         as prescribed in the GDPR. It can neither guarantee that it will be able to protect the privacy and maintain
         the confidentiality of the customer or employee information nor it is able to successfully adapt the new applicable
         rules. If Central Retail or The1 Loyalty Program’s management of personal information of ordinary people related
         to the organization and  /  or its business (including customers, employees, experts and others) is not in line
         with the binding principles (that is following the laws, be transparent, collect information as needed and others)
         and other duties required by the personal information protection law, it may be guilty under the GDPR and
         the Privacy Code. In addition, adhering to the information protection and privacy rules is a condition required
         under the concession agreements signed with its suppliers. Accordingly, Central Retail’s noncompliance with
         the GDPR may be cited as a reason to cancel the agreements if Central Retail breaches its obligations under
         relevant laws, or has to incur additional costs to comply with any new privacy rule, legislation or guideline,
         the ensuing liabilities or harm to its reputation or the increased compliance costs, as applicable, may have
         a material adverse effect on our business, financial position and results of operations.


         (4) Omnichannel Platform Risk


         Marketing through a variety of channels, whether online or offline with a seamless connection to offer the same good
         experience to customers at every touch point. This has become a marketing trend in the spotlight of attention,
         especially during the COVID-19 situation where customers have increased their shopping channels extensively.
         Central Retail’s omnichannel service focuses on creating customer-centric experiences for various retail brands in
         every main business and every country in which the Company operates, including Fashion segment such as
         Central Department Store, Robinson Department Store and Rinascente Department Store, Hardline segment such as
         Thai Watsadu, Power Buy and Nguyen Kim, and Food segment such as Central Food Hall and Big C / GO! Vietnam, etc.


         However, Omnichannel marketing has some potential risks if operated without well-executed planning in advance
         which channel should be the main channel that creates the best customer experience and readiness of operational
         team. In addition, Omnichannel infrastructure must flexible and support long term growth. All of the above are
         risk factors that must be considered. Therefore, Central Retail also attaches importance to establish the guidelines



         166  Annual Report 2021 (Form 56-1 One-Report)