ISACA CDPSE Domain 1: Privacy Governance

Certified Data Privacy Solutions Engineer (CDPSE) is a well-known certification accredited by ISACA to validate the skills required to design, assess, and implement privacy solutions. It helps to build customer and stakeholders’ trust and mitigates the risks of non-compliance. It also validates the Data Analyst’s or Data Scientist’s ability to maintain the data lifecycle and guide other departments of the organization on privacy compliance and the best data practices.

Exam Details

Exam Details: ISACA CDPSE
Duration: 210 minutes
Number of questions: 120
Exam format: Multiple choice
Passing score: 450 out of 800
Exam languages: English, Chinese, and Turkish

Domains of ISACA CDPSE:

The ISACA CDPSE exam consists of three domains:

This blog explores and provides an overview of the contents and concepts covered in ISACA CDPSE Domain 1.

ISACA CDPSE Domain 1: Privacy Governance

Privacy Governance is the first domain of CDPSE and accounts for 34% of the exam. It covers the governance and management of a privacy program and how to perform risk management. Individuals and organizations need privacy governance skills to manage all aspects of privacy inside the organization. These abilities allow organizations to design and implement privacy policies, privacy programs, and legal and regulatory requirements.

There are three sub-domains under Privacy Governance:

  1. Governance
  2. Management
  3. Risk Management

Governance

Governance is a framework that includes the policies, procedures, and rules an organization uses to protect personal data and information from attacks. The following is the list of topics covered in this section.

  • Personal Data and Information: It defines an individual’s personal data and information and its importance.
  • Privacy Laws and Standards across Jurisdictions: It defines various privacy laws and standards the organization implements.
    1. Application of Privacy Laws and Regulations
    2. Privacy Protection Legal Models
    3. Privacy Laws and Regulations
    4. Privacy Standard
    5. Privacy Principles and Frameworks
    6. Privacy Self-Regulation Standards
  • Privacy Documentation: The policies and procedures are documented for reference in order to maintain the privacy standards in an organization.
    1. Types of documentation: Privacy Notice, Consent Form, Privacy Policies, Records of Processing, Corrective Action Plan, Data Protection Impact Assessment, System of Record Notices, Personal Information Inventory, and other documentation.
  • Legal Purpose, Consent, and Legitimate Interest: This section defines the lawful bases for processing data. The individual gives consent to process their personal data for a specific purpose. In some cases, personal data is processed without the individual's consent in order to meet a particular purpose.
  • Data Subject Rights: This section covers the various data subject rights under GDPR, such as the Right to Access Personal Data, the Right to Restrict Data Processing, the Right to Data Portability, and other rights.

Management

Privacy Management helps the organization conduct privacy assessments, deliver awareness training, and handle incidents that lead to the unauthorized disclosure of personal data. This section covers the following management concepts:

  • Roles and Responsibilities Related to Data
  • Privacy Training and Awareness
    1. Content and Delivery
    2. Training Frequency
    3. Measuring Training and Awareness
  • Vendor and Third-Party Management
    1. Legal Requirements
    2. Management Procedures
  • Audit Process
  • Privacy Incident Management

Risk Management

Risk Management is defined as the process of identifying, assessing, and reducing risks in an organization. This section covers the following risk management concepts:

  • Risk Management Process
  • Problematic Data Actions Affecting Privacy
    1. Vulnerabilities
    2. Methods for Exploiting Vulnerabilities
    3. Privacy Harms and Problems
  • Privacy Impact Assessment (PIA)
    1. Established PIA methods used by the Canadian, UK, Singapore, and Philippine governments
    2. NIST Privacy Risk Assessment Methodology
    3. EU GDPR DPIA Methodology

Concepts covered in CDPSE Domain 1: Privacy Governance

Domain 1 of CDPSE covers the concepts of privacy governance, privacy management, and risk management. By the end of Domain 1, you will be able to:

  • Identify the internal and external privacy requirements for the organization’s privacy governance and risk management practices and programs.
  • Participate in developing procedures that adhere to privacy policies and business requirements.
  • Participate in managing and assessing vendor and other external parties’ service levels, contracts, and practices.
  • Participate in the privacy incident management process.
  • Participate in evaluating privacy policies and programs to ensure they adhere to industry best practices and legal and regulatory requirements.
  • Collaborate with other professionals to ensure that privacy practices and programs are followed for designing, developing, and implementing applications, systems, and infrastructure.
  • Collaborate with cybersecurity experts on the security risk assessment to address risk mitigation and privacy compliance.
  • Develop and implement a prioritization process for privacy practices.
  • Develop, monitor, and report performance metrics and trends related to privacy practices.
  • Participate in privacy training and awareness programs on privacy practices.
  • Generate a report on the outcomes and status of privacy programs.
  • Coordinate or execute privacy impact assessments (PIA) and privacy-focused assessments.
  • Identify issues required for remediation and opportunities for process improvement.

Privacy governance is the most desirable skill in fast-moving organizations, which must demonstrate compliance with privacy regulations such as GDPR; failing to implement privacy governance can expose an organization to severe financial and reputational impact.

CDPSE training with InfosecTrain

InfosecTrain is a leading provider of Information Technology and Cybersecurity training and offers a CDPSE certification training course. Our experienced trainers help you gain a complete understanding of data privacy and compliance concepts. Check out our CDPSE course for more information.

Emaliya Keerthana
Content Writer
Emaliya Keerthana works as a Content Writer at InfosecTrain. She likes to explore the latest technology. She writes on emerging IT-related topics and is passionate about sharing her thoughts through blogs.