DATA PRIVACY & SECURITY We are living in a digital age, where personal and professional tasks are increasingly carried out online and on publicly accessible platforms, a trend that has only accelerated due to the restrictions of the pandemic. Against this backdrop, and as a conglomerate with a significant interest in the Information Technology sphere, we have a duty to safeguard the data of our customers, suppliers and employees online, and to do so using industry-leading cyber security approaches. Our Privacy Policy – formulated pursuant to the Personal Data Protection Act (“PDPA”) 2010 – details our pledge to protect all personal data of our customers in our trust, and dictates that we must secure the permission of our customers before carrying out actions relating to their data. Further to this, in instances where business transactions involve the exchange of sensitive business data, detailed Non-Disclosure Agreements are signed. In terms of cyber security, Dagang Net is accredited with the ISO 27001:2013 certification for Information Security Management Systems. Furthermore, we invest considerable time and resources into updating our software, infrastructures and processes, with the aim of ensuring that we remain at the forefront of innovation in the space. This is essential as modern-day cyber threats are becoming ever-more sophisticated, with bad actors continuously finding new ways of penetrating corporate IT systems and databases. SUSTAINABILITY STATEMENT CASE STUDY Dagang Net's Approach to Data Privacy & Security Dagang Net is Malaysia’s leader in Business to Government (“B2G”) trade facilitation services, holding the contract to operate the country’s National Single Window (“NSW”). As such, they handle large volumes of sensitive personal and business data on a daily basis and need to ensure that this data is protected to the highest standards. Firstly, no personal data is stored other than that which is required for the submission of regulatory documents, thereby minimising the data privacy risks that businesses face. Furthermore, all data pertaining to transactions on Dagang Net's NSW platform is stored in the database itself and is not processed or extracted unless expressly approved by the Malaysian Ministry of Finance or related stakeholders. Secondly, the entire platform is managed in accordance with the guidelines provided by the ISO 27001:2013 certification for Information Security Management Systems, thereby aligning Dagang Net’s practices with internationally recognised standards. As a result of their approach to data privacy, Dagang Net were recognised under the Customer Service Management Best Practices Recognition Scheme by SIRIM, recognising their implementation of practices that provide optimal outcomes for customers. Apart from that, the Customer Contact Centre also has been certified with ISO 18295:2017 accordingly. Zero incidences of breaches in customer privacy and/or data misuse, including breaches relating to the Personal Data Protection Act 2010, were recorded during the year in review. DAGANG NeXCHANGE BERHAD 186
RkJQdWJsaXNoZXIy NDgzMzc=