The Legislative Yuan passed the Personal Data Protection Act on April 27th, 2010, and it let the personal data protection issues call the public's attention. In the future organization, regardless of their size or the amount of personal data, will be subject to the Personal Data Protection Act. It affect the data collection and processing way and the marketing practices, and it also increase criminal penalties and compensation that is up to $200 million when the enterprise is against the law. Therefore, the enterprise should engage in planning and implement information security protection of personal data at this stage in quickly. BS 10012 is the international standard of information security management system. It is also accepted to take the security authentication by Taiwan enterprises. Follow PDCA management cycle, it standardizes Information security control flows. Finally, it needs to decide what the control standards and policies will be set up to conform BS 10012 standard. So as to achieve the information security goals of the Confidentiality, Integrity and Availability. This study apply the self-assessment of privacy disclosure form and sorted out 4 control domains, 13 control objectives which develop the Enterprise Privacy Protection Management Mechanism by literature review about BS 10012 and Personal Data Protection Act. This research shows that the research outcome, the Enterprise Privacy Protection Management Mechanism, provides organizations a reference and compliance purpose to help them obey the law, reduce the risk of litigation, and fulfill the responsibilities of protect personal data.