Evolving privacy regulations and technology require companies to implement privacy by design and by default into products. According to ISACA’s Privacy in Practice 2021 study, most teams are understaffed in technical privacy roles and addressing this skill gap remains an ongoing challenge. Professionals seeking this highly-desirable privacy engineering career path can demonstrate their technical privacy expertise with the Certified Data Privacy Solutions Engineer (CDPSE) certification.
It has been several years since my last technical privacy exam (CIPP/IT, renamed to CIPT) and I wanted to validate my experience through an updated certification program. I chose CDPSE because of its comprehensive content coverage and was one of the first candidates who took the beta exam in January prior to its official rollout in April 2021.
Build your preparation strategy
Like other ISACA certification tests, CDPSE is a demanding exam and requires preparation, even for experienced privacy professionals. To build an effective study plan, perform a quick self-assessment of the exam content. The content is divided into three domains: Privacy Governance, Privacy Architecture, and Data Lifecycle. Go through each topic listed in the CDPSE exam content outline to identify areas you lack familiarity with and tag those as areas of focus. Allocate additional time for these topics in your study plan.
Leverage study aids and resources
Based on your study plan, leverage preparation aids that work best for you:
- Primary and Supplemental Books
- CDPSE Review Manual is the official ISACA “textbook” that covers the key domains of the exam. For beta test candidates, this was the only ISACA CDPSE prep resource available at the time and was my primary study material. This is a must-read to prepare for the CDPSE exam.
- Information Privacy Engineering and Privacy by Design: Understanding Privacy Threats, Technology, and Regulations Based on Standards and Best Practices 1st Edition by William Stallings is a good supplemental resource for understanding the foundational concepts of privacy, especially for early-career privacy professionals.
- The Privacy Engineer’s Companion: A Workbook of Guidance, Tools, Methodologies, and Templates 1st Edition by Michelle Finneran Dennedy, Jonathan Fox, Thomas Finneran, Lisa Bobbitt, and Michele Guel offers practical guidance implementing privacy by design for technical privacy professionals.
- Online Study Course: The CDPSE Online Review Course is a self-paced course that corresponds directly to the CDPSE exam content outline. It includes a self-pre-assessment section, e-learning modules, and a practice exam. While you will be able to navigate the course at your own pace, it takes about 22 hours to go through all the content.
- Practice Sample Questions: After reading the books or completing the online study course, spend time practicing sample questions. The CDPSE Review Questions, Answers & Explanations Database is a pool of 300 questions with answers and explanations. It includes a practice exam that you can use to mimic the feel of an actual exam and help with time management practice.
- Study Group and Exam Prep Forums: Discussing difficult questions and complex topics you encounter in your CDPSE prep with privacy practitioners is a great way to understand the topic in detail. Use forums to ask questions, answer practice exam questions, and share ideas to help successfully prepare for the exam. Create your own study group or leverage the Engage Privacy Community to start a thread to discuss CDPSE prep topics.
On the day of the exam
Check-in 10 minutes before your appointment begins for the online exam and follow the verification protocol as directed by the remote proctor. You may be asked to completely disconnect/cover monitors even though they are switched off.
Pace yourself and manage your time accordingly. There are 120 questions on the CDPSE exam, which must be completed in 3.5 hours. Use your allotted breaks to relax and regain focus.
Read each question carefully. Many ISACA questions require you to choose the appropriate answer based on a qualifier, such as “most likely” or “best.” These are especially tricky questions where eliminating known incorrect answers may not be possible at first glance.
Flag questions you are unsure about and come back to those after you have taken the first pass at all the questions. If time permits, take a few minutes for a quick break before attempting the second pass at flagged questions.
Good luck!
About the author: Nandita Rao is a Sr. Privacy Program Manager at DoorDash. She has 10 years of experience helping Fortune 500 companies build Privacy, Cybersecurity, and Information Governance programs. She holds an MS in Information Security from Carnegie Mellon University and CDPSE, CISM, CRISC, CISA, CIPT, and CIPM certifications. The postings on this site are the author’s own and don't necessarily reflect her employer’s positions or opinions on the subject.