
Planning BS 10012 Personal Information Management System Project with PMBOK® Methodologies

Advisor: 許鉅秉

Abstract


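Against the background of the international trend toward privacy protection and the enactment of domestic personal data protection legislation, past research has mostly focused on a single field such as legislation, international standards, or project management. Few studies cut across legislation, standards, and project management to examine the project planning methods an organization needs for a change in personal data protection management, with recommendations on the related tools and techniques; the decision factors for implementing in-house versus under the guidance of outsourced consultants; and the managerial implications for the organization's internal and external stakeholders. This study uses the PMBOK® methodology to examine project planning for a BS 10012 personal information management system. Using a systematic approach and in-depth interviews, it analyzes and derives 188 recommendations on the methods, and on the use of the related tools and techniques, for planning an organization's personal data protection management project. In addition, according to each organization's current situation, and based on whether the organization has experience implementing ISO 27001 and passing certification, the trade-off factors for the execution mode of the personal data protection system are consolidated into the maturity and readiness for project execution of the enterprise environmental factors and organizational process assets, yielding four implementation models. Finally, for the internal and external stakeholders related to the organization's system (senior management, project managers, project participants from each department, and data subjects, i.e. consumers), the study sets out the interests, expectations, needs, and utility that correspond to the values, goals, objectives, and performance outputs they seek to achieve, as a reference for project planning.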

Parallel Abstract


The purpose of this research is to explore project planning for personal information protection management by proposing relevant methods, tools, and technologies. It also takes into consideration the differences among organizations in the change-management performance mode of personal information protection projects, along with the managerial implications for their relevant stakeholders. In the past, most research focused on domestic laws, international standards, and project management. Amid increasing attention to international privacy protection and domestic legislation, it is uncommon for research to emphasize an organization's change in the management of personal data protection planning methods, relevant tools, and evolving technologies, and then to provide appropriate recommendations. Fewer studies still have considered the decision making behind implementation models for various organizations and the related managerial meaning. This research uses the PMBOK® methodologies to explore BS 10012 personal information management system project planning. With a systematic approach and in-depth interviews, it derived 188 relevant recommendations about the methods, tools, and technologies of personal data protection management project planning. In addition, four unique project implementation models were introduced to accommodate each organization's ISO 27001 certification status and to consider the decision factors of personal information uniform implementation models. Moreover, enterprise environment factors and organization process assets embedded in the maturity and preparation of project implementation were also considered in these models. Finally, within the boundary of each organizational system and its relevant stakeholders' interests, expectations, needs, and effectiveness, correlated references and recommendations were made. These proposals are established for internal stakeholders (i.e. senior management, project managers, and team members) and external stakeholders (i.e. customers), to support their expected values, goals, aspirations, and performance output in the planning of a personal information protection management project.
