ALREADY HAVE A CDPSE CERTIFICATION? LOG IN TO MYISACA

What is covered on the CDPSE exam?

The Certified Data Privacy Solutions Engineer® (CDPSE®) exam consists of 120 questions covering 4 job practice domains, all testing your knowledge and ability on real-life job practices leveraged by expert professionals.

Below are the key domains, subtopics and tasks candidates will be tested on:

20%
Domain 1

Privacy Governance
18%
Domain 2

Privacy Risk Management and Compliance
23%
Domain 3

Data Life Cycle Management
39%
Domain 4

Privacy Engineering
GET YOUR EXAM CANDIDATE GUIDE ACCESS EXAM PREP MATERIALS
Illustration of a certificate on the wall with man in front

ISACA’S commitment

Since its inception in 2020, more than 16,000 people have obtained ISACA’s CDPSE certification of the expertise needed to assess, build and implement comprehensive privacy solutions. The domains, subtopics and tasks are the results of extensive research, feedback and validation from subject matter experts and prominent industry leaders from around the world.

Updated job practice areas tested for and validated by a CDPSE certification

20% DOMAIN 1 – PRIVACY GOVERNANCE

A—PRIVACY GOVERNANCE

  1. Personal Information
  2. Privacy Principles (e.g., Privacy by Design, Consent, Transparency)
  3. Privacy Laws and Regulations
  4. Privacy Documentation (e.g., Policies, Guidelines)

B—PRIVACY OPERATIONS

  1. Organizational Culture, Structure, and Responsibilities
  2. Vendor and Supply Chain Management
  3. Incident Management
  4. Data Subject Rights, Requests, and Notification

18% DOMAIN 2 – PRIVACY RISK MANAGEMENT AND COMPLIANCE

A—RISK MANAGEMENT

  1. Risk Management Process and Policies
  2. Privacy-Focused Assessment (e.g., Privacy Impact Assessment (PIA))
  3. Privacy Training and Awareness
  4. Threats and Vulnerabilities
  5. Risk Response

B—COMPLIANCE

  1. Privacy Frameworks
  2. Evidence and Artifacts
  3. Program Monitoring and Metrics

23% DOMAIN 3 – DATA LIFE CYCLE MANAGEMENT

A—DATA COLLECTION AND PROCESSING

  1. Data Inventory, Dataflow Diagram, and Classification
  2. Data Quality (e.g. Accuracy)
  3. Data Use Limitation
  4. Data Analytics (e.g., Aggregation, AI, Data Warehouse)

B—DATA PERSISTENCE AND DESTRUCTION

  1. Data Minimization
  2. Data Disclosure and Transfer
  3. Data Storage, Retention, and Archiving
  4. Data Destruction

39% DOMAIN 4 – PRIVACY ENGINEERING

A—TECHNOLOGY STACKS

  1. Infrastructure and Platform Technology (e.g., legacy, cloud computing)
  2. Devices and Endpoints
  3. Connectivity
  4. Secure Development Life Cycle
  5. APIs and Cloud-Native Services

B—PRIVACY RELATED SECURITY CONTROLS

  1. Asset Management
  2. Identity and Access Management
  3. Patch Management and Hardening
  4. Communication and Transport Protocols
  5. Encryption and Hashing
  6. Monitoring and Logging

C—PRIVACY CONTROLS

  1. Consent Tagging
  2. Tracking Technologies (e.g., cookie management)
  3. Anonymization and Pseudonymization
  4. Privacy Enhancing Technologies (PETs)
  5. AI/Machine Learning (ML) Considerations

SUPPORTING TASKS

  1. Identify internal and external requirements to develop and maintain the organization’s privacy programs.
  2. Review organizational programs to align with privacy related legal and regulatory requirements, industry best practices (e.g., privacy by design), and data subject’s expectations.
  3. Advise on data life cycle policies and practices to ensure privacy considerations for data governance.
  4. Design and evaluate the implementation of technical and operational controls for data classifications and data life cycle requirements.
  5. Perform privacy impact assessments (PIAs) and other privacy-focused assessments.
  6. Contribute to the integration of privacy principles (e.g., privacy by design) in the development of procedures and operational manuals for organizational needs.
  7. Collaborate with stakeholders to promote privacy principles (e.g., privacy by design) are followed during the design, development, and implementation of systems, applications, and infrastructure.
  8. Identify and assess privacy related threats and vulnerabilities.
  9. Contribute to the evaluation of contracts, service level agreements (SLAs), and privacy practices of vendors and other parties and subsequently monitor for compliance.
  10. Participate in the incident management process to address privacy impacts and support remediation.
  11. Collaborate with relevant stakeholders to address privacy compliance and risk response.
  12. Contribute to the evaluation of information architecture to support privacy by design principles and data considerations.
  13. Evaluate changes in regulatory landscape, emerging threats to privacy, and privacy enhancing technologies (PETs).
  14. Design, implement, and monitor processes and procedures to keep personal information inventory and dataflow records current and accurate.
  15. Advise on data classification for personal information to enable risk assessment and implementation of controls.
  16. Develop and monitor metrics to report on privacy program performance to relevant stakeholders.
  17. Advocate for advancing privacy posture and maturity as it aligns to the organizational objectives.
  18. Contribute to the development of educational content and conduct privacy training to promote a privacy aware culture.
  19. Promote accountability, fairness, and transparency throughout the data life cycle.

Getting ready for the exam

ISACA offers a variety of exam preparation resources including group training, self-paced training and study resources in various languages to help you prepare for your certification exam. Choose what works for your schedule and your studying needs.

ACCESS ALL CDPSE EXAM PREP MATERIALS

ISACA glossary and CDPSE translations

Some CDPSE terms can be lost in translation. That is why ISACA has translated our CDPSE Terminology List into numerous languages, ensuring learners fully understand the materials. Please see the list of translations below. To learn more about key industry terms, please explore the ISACA glossary here.

Chinese Simplified |  German |  Spanish