The advancement of information and communication technology has made privacy boundaries thinner.  Various personal data on E-Commerce websites are increasingly easy to spread, which creates risks at every stage of personal data processing. This is important to be given further attention, given the high number of transaction valuations that occur through E-Commerce websites. This research aims to analyze what forms of risks can occur at each stage of personal data processing on E-Commerce websites. The stages of personal data processing described in this research are the stages of personal data processing as stipulated in Law Number 27 Year 2022 on Personal Data Protection. This research utilizes a library research method by focusing on legal materials so that it can be said to be library based. The results show that there are different risks at each stage of personal data processing on E-Commerce websites, both before the storage of personal data, and after the storage of personal data by the personal data controller.  This can be in the form of data collection that is not in accordance with applicable regulations, lack of transparency of data collection, and data collection that is not specific, unlimited, and illegal, unauthorized access, disclosure in an unauthorized manner, unauthorized modification, misuse, destruction, and loss of personal data on the system. To reduce the impact of risks, things that can be done are to update the system regularly, or increase the capacity of human resources who process personal data.