Certification guide
The Certified Data Privacy Solutions Engineer (CDPSE) is ISACA’s credential for the people who build privacy — the engineers, architects, and technical leads who translate privacy law and policy into working systems. Where legal-track certifications prove you can interpret a regulation, the CDPSE proves you can implement it: designing privacy into pipelines and platforms, choosing the right controls and privacy-enhancing technologies, governing data through its full life cycle, and assessing the privacy risk of what the organization actually runs. It is the recognized technical counterpart to the compliance-side privacy credentials, and a natural fit for privacy engineers, security architects moving into privacy, and IT professionals who own the systems where personal data lives.
The exam content outline was restructured effective June 2, 2025, and the change is significant: ISACA moved from the original three domains to four, splitting risk management and compliance into its own domain and consolidating all of the technical material — infrastructure, SDLC, APIs, encryption, monitoring, consent technology, PETs, and AI/ML privacy considerations — into a single Privacy Engineering domain that now carries 39% of the exam. If your study materials still show three domains, they predate the current outline.
Privacy Governance
Domain 1 · 20%What personal information is and which principles, laws, and regulations govern it — plus the organizational machinery: privacy documentation, roles and responsibilities, vendor and supply-chain management, incident management, and honoring data subject rights and notification duties. Expect scenario questions on controller/processor roles, consent validity, cross-border transfers, breach clocks, and DSAR judgment calls.
Privacy Risk Management and Compliance
Domain 2 · 18%The assessment discipline: privacy risk management processes and policies, privacy impact assessments, threats and vulnerabilities through a privacy lens (think LINDDUN, not just STRIDE), risk response, privacy frameworks such as the NIST Privacy Framework and ISO 27701, the evidence and artifacts that prove a program operates, and the metrics that show whether it is working.
Data Life Cycle Management
Domain 3 · 23%Data from purpose to destruction: inventory, dataflow diagrams, and classification; data quality; use limitation and the compatibility of secondary uses including analytics and AI; minimization; disclosure and transfer; storage, retention, and archiving; and defensible destruction — from media sanitization per NIST SP 800-88 to cryptographic erasure in multi-tenant clouds.
Privacy Engineering
Domain 4 · 39%The heavyweight domain and the exam’s center of gravity. Infrastructure and platform technologies from legacy systems to cloud-native; devices, endpoints, and connectivity; privacy in the SDLC and in APIs; identity and access management, hardening, encryption and hashing, monitoring and logging; and the privacy-specific control layer — consent tagging, tracking technologies, anonymization and pseudonymization, privacy-enhancing technologies, and AI/ML privacy considerations from training-data memorization to federated learning.
Each Certifym CDPSE practice exam is a full-length, 120-question timed simulation weighted exactly to the official blueprint — 24 questions on governance, 21 on risk and compliance, 28 on the data life cycle, and 47 on privacy engineering — on the same 3.5-hour clock as the real exam. ISACA reports results on a 200–800 scale with 450 required to pass; we set the practice pass mark at 65% as an honest raw-score equivalent. Because the questions are blueprint-stratified, hitting the pass mark here means demonstrated competence across all four domains — with Privacy Engineering at 39%, you cannot pass on governance reading alone — not luck in the heavy ones.
ISACA CDPSE - Practice Exam
Full-length ISACA CDPSE practice exam — 120 scenario questions weighted to the official four-domain outline effective June 2025 (Privacy Governance 20%, Privacy Risk Management and Compliance…
Subscribe to startTrademark notice & independence. CDPSE® and ISACA® are registered trademarks of ISACA. Certifym is an independent study resource operated by Certifym Exam Services, LLC and is not affiliated with, sponsored by, or endorsed by ISACA. The CDPSE exam content outline and its domain structure are the property of ISACA; candidates should download the official, current exam content outline directly from isaca.org.
All questions, answers, and explanations on Certifym are original content created for practice purposes. They are not actual ISACA examination questions and are not represented as such. Practicing with these materials does not guarantee a passing result on any live certification exam.
