Page 86 - BAM ONE REPORT 2565 (ENGLISH VERSION)
P. 86
80
Thailand has given greater importance to laws and regulations on cyber security and personal data protection
as evident from the promulgation of the Personal Data Protection Act B.E. 2562 (PDPA), which was published in the Government
Gazette on May 27, 2019. It is the first data protection law of Thailand and has come into effect since June 1, 2022. Secondary
legislations relevant to personal data protection have also been passed accordingly. Business operators, including the
Bangkok Commercial Asset Management Public Co., Ltd.
Company, are required to collect, use or disclose personal information, including transfer of personal information to
other countries, in accordance with the processes and provisions of the PDPA. At present, the Company has appointed
data protection officer (DPO) pursuant to Section 41 and Section 42 of the PDPA to give recommendations to data controllers
or data processors and to perform audit of personal data processing as required by the laws. In addition, the Company
has appointed data protection coordinator attached to each work unit to perform duties on behalf of the Company
and to provide information or identify and report any possible violations of personal data to the DPO, as well as to
determine corrective action guidelines. Also, the Company has formulated the policy, guidelines, procedures and
measures on personal data protection to mitigate risks and minimize impacts on the rights and freedom of the data
owners so as to enable the management, employees and full-time and part-time workers of the Company to apply
them in the activities involving personal data. This would ensure that the Company’s operation on the relevant parts
is correct and complies with the PDPA. The Company has also established the policy, measures and guidelines on IT
and cyber security in accordance with the Cyber Security Act B.E. 2562 in conjunction with set-up of Information Technology
Risk Management and Compliance Division and Personal Data Protection Support Division to monitor and ensure
compliance with the rules and regulations under the above two Acts.
In the preparation for compliance with changes in legislations, the Company may require additional resources
and incur additional costs, and may have to change its business operation and policy regarding privacy issue, which
may negatively affect its business. Failure by the Company to comply with the laws and regulations governing cyber security
and personal data protection, both existing at present and to be enforced in the future, may result in the Company
being subject to legal disputes, fine payment, legal penalties, and detriment to its reputation.
Furthermore, changes in customers’ expectations and requirements with respect to personal data protection
may limit the Company’s ability to gather and use the data derived from its business operation. This may hinder its
provision of services, which may materially pose adverse impact on the Company’s business, reputation and financial
performance.
Investment risks of securities holders
Risk of negative impact on the Company from action taken by major shareholder
The FIDF holds 45.8 percent of the Company’s total issued and paid-up shares (data as of May 3, 2022, which
was the Company’s latest register book closing date) and is still the Company’s major shareholder. As long as the Company’s
major shareholder retains the shareholding proportion that gives it the majority of the voting rights, it will maintain a
crucial part in the decision-making process for any matters that require the approval of the shareholders’ meeting, including
the appointment of the Board of Directors. Moreover, the major shareholder may exercise its voting rights at the shareholders’
meeting to acquire the resolution required, even though such resolution might conflict with the interest of the Company
and other shareholders.
