The Legislative Yuan passed the Personal Data Protection Act on April 27th, 2010, which drew public attention to personal data protection issues. In the future, organizations, regardless of their size or the amount of personal data, will be subject to the Personal Data Protection Act. The Act affects how data is collected and processed as well as marketing practices, and it also increases criminal penalties and compensation. Enterprises should therefore promptly plan and implement information security protection for personal data at this stage. ISO 27001 is an international standard for information security management systems, but following ISO 27001 does not by itself mean that an enterprise's personal data protection is complete. Enterprise information security focuses on confidential information and less on customers' personal data, which leaves personal data protection inadequate. Enterprises must adjust their security structure appropriately to control personal data processes and meet compliance requirements. This study applies Gowin's Vee research strategy. On the conceptual side, through a literature review of the Personal Information Management System and the Personal Data Protection Act, we sorted out 4 control domains, 15 control objectives, and 75 control measures, which form the Enterprise Privacy Protection Management Mechanism. We then applied Delphi expert questionnaires to revise this mechanism and added a new control measure. On the methodological side, we used a case study to verify and assess the practicality and availability of this mechanism. The research outcome, the Enterprise Privacy Protection Management Mechanism, provides organizations with a reference for compliance that helps them obey the law, reduce the risk of litigation, and fulfill their responsibility to protect personal data.