Explore the changes to the CDPSE exam and exam prep materials.

The CDPSE exam will undergo a Job Process Update this year to stay current with emerging data privacy threats and technologies. The updated exam will reflect the new Exam Content Outline (ECO) as of 2 June, and the corresponding exam prep materials will be available 2 April.

ISACA’s commitment

Since the certification's inception in 2020, more than 16,000 people have obtained ISACA’s CDPSE, which certifies the expertise needed to assess, build and implement comprehensive privacy solutions. The domains, subtopics and tasks are the result of extensive research, feedback and validation from subject matter experts and prominent industry leaders from around the world.

Updated job practice areas tested for and validated by a CDPSE certification

20% DOMAIN 1 – PRIVACY GOVERNANCE

A—PRIVACY GOVERNANCE

  1. Personal Information
  2. Privacy Principles (e.g., Privacy by Design, Consent, Transparency)
  3. Privacy Laws and Regulations
  4. Privacy Documentation (e.g., Policies, Guidelines)

B—PRIVACY OPERATIONS

  1. Organizational Culture, Structure, and Responsibilities
  2. Vendor and Supply Chain Management
  3. Incident Management
  4. Data Subject Rights, Requests, and Notification

18% DOMAIN 2 – PRIVACY RISK MANAGEMENT AND COMPLIANCE

A—RISK MANAGEMENT

  1. Risk Management Process and Policies
  2. Privacy-Focused Assessment (e.g., Privacy Impact Assessment (PIA))
  3. Privacy Training and Awareness
  4. Threats and Vulnerabilities
  5. Risk Response

B—COMPLIANCE

  1. Privacy Frameworks
  2. Evidence and Artifacts
  3. Program Monitoring and Metrics

23% DOMAIN 3 – DATA LIFE CYCLE MANAGEMENT

A—DATA COLLECTION AND PROCESSING

  1. Data Inventory, Dataflow Diagram, and Classification
  2. Data Quality (e.g., Accuracy)
  3. Data Use Limitation
  4. Data Analytics (e.g., Aggregation, AI, Data Warehouse)

B—DATA PERSISTENCE AND DESTRUCTION

  1. Data Minimization
  2. Data Disclosure and Transfer
  3. Data Storage, Retention, and Archiving
  4. Data Destruction

30% DOMAIN 4 – PRIVACY ENGINEERING

A—TECHNOLOGY STACKS

  1. Infrastructure and Platform Technology (e.g., legacy, cloud computing)
  2. Devices and Endpoints
  3. Connectivity
  4. Secure Development Life Cycle
  5. APIs and Cloud-Native Services

B—PRIVACY RELATED SECURITY CONTROLS

  1. Asset Management
  2. Identity and Access Management
  3. Patch Management and Hardening
  4. Communication and Transport Protocols
  5. Encryption and Hashing
  6. Monitoring and Logging

C—PRIVACY CONTROLS

  1. Consent Tagging
  2. Tracking Technologies (e.g., cookie management)
  3. Anonymization and Pseudonymization
  4. Privacy Enhancing Technologies (PETs)
  5. AI/Machine Learning (ML) Considerations

SUPPORTING TASKS

  1. Identify internal and external requirements to develop and maintain the organization’s privacy programs.
  2. Review organizational programs to align with privacy-related legal and regulatory requirements, industry best practices (e.g., privacy by design), and data subjects’ expectations.
  3. Advise on data life cycle policies and practices to ensure privacy considerations for data governance.
  4. Design and evaluate the implementation of technical and operational controls for data classifications and data life cycle requirements.
  5. Perform privacy impact assessments (PIAs) and other privacy-focused assessments.
  6. Contribute to the integration of privacy principles (e.g., privacy by design) in the development of procedures and operational manuals for organizational needs.
  7. Collaborate with stakeholders to promote adherence to privacy principles (e.g., privacy by design) during the design, development, and implementation of systems, applications, and infrastructure.
  8. Identify and assess privacy-related threats and vulnerabilities.
  9. Contribute to the evaluation of contracts, service level agreements (SLAs), and privacy practices of vendors and other parties and subsequently monitor for compliance.
  10. Participate in the incident management process to address privacy impacts and support remediation.
  11. Collaborate with relevant stakeholders to address privacy compliance and risk response.
  12. Contribute to the evaluation of information architecture to support privacy by design principles and data considerations.
  13. Evaluate changes in regulatory landscape, emerging threats to privacy, and privacy enhancing technologies (PETs).
  14. Design, implement, and monitor processes and procedures to keep personal information inventory and dataflow records current and accurate.
  15. Advise on data classification for personal information to enable risk assessment and implementation of controls.
  16. Develop and monitor metrics to report on privacy program performance to relevant stakeholders.
  17. Advocate for advancing privacy posture and maturity as it aligns to the organizational objectives.
  18. Contribute to the development of educational content and conduct privacy training to promote a privacy aware culture.
  19. Promote accountability, fairness, and transparency throughout the data life cycle.

Getting ready for the exam

ISACA offers a variety of exam preparation resources including group training, self-paced training and study resources in various languages to help you prepare for your certification exam. Choose what works for your schedule and your studying needs.

ISACA glossary and CDPSE translations

Some CDPSE terms can be lost in translation. That is why ISACA has translated its CDPSE Terminology List into numerous languages, ensuring learners fully understand the materials. Please see the list of translations below. To learn more about key industry terms, please explore the ISACA glossary.

Chinese Simplified | German | Spanish