$ 3,495
Virtual Live
Start April 27th, 2026
Course Overview
Privacy used to be a legal concern. Today, it's an engineering discipline. GDPR, CCPA/CPRA, HIPAA, state privacy laws, and a growing patchwork of international regimes have made privacy-by-design a mandatory property of every system that touches personal data — not an afterthought bolted on before launch. ISACA's Certified Data Privacy Solutions Engineer (CDPSE) is the first technically-focused privacy certification, validating your ability to implement privacy into the architecture, design, and data lifecycle of enterprise systems.
- This comprehensive exam prep program is delivered by Divergence Academy, an ISACA Accredited Training Organization (ATO), ensuring official curriculum alignment with the current CDPSE Job Practice. Participants progress through all three domains — Privacy Governance, Privacy Architecture, and Data Lifecycle — with a focus on the technical privacy-engineering judgment the exam rewards.
- Tools, Languages, and Frameworks Used
- The program covers the full CDPSE body of knowledge: privacy frameworks (NIST Privacy Framework, ISO/IEC 27701, GAPP), regulatory landscape (GDPR, CCPA/CPRA, HIPAA, PIPEDA, LGPD), privacy impact assessments (PIAs) and DPIAs, data-flow mapping, privacy-enhancing technologies (PETs) including encryption, tokenization, differential privacy, and pseudonymization, consent management, data minimization and retention, privacy-by-design and privacy-by-default patterns, and cross-border data transfer mechanisms. Participants also work through ISACA's official CDPSE Review Manual and QAE (Questions, Answers & Explanations) Database.
- Course Delivery Model
- CDPSE Prep is delivered through a blend of instructor-led lectures by ISACA-certified privacy practitioners, interactive case discussions framed around real-world privacy incidents and architecture decisions, hands-on data-flow and PIA exercises, and structured QAE practice sessions. Participants receive access to ISACA's official review materials and a cohort-based study cadence designed to build exam stamina and privacy-engineering judgment — not just recall.
Why CDPSE
Go Anywhere
CDPSE is the first technically-focused privacy certification from a globally recognized body — launched in 2020 and already held by a fast-growing population of privacy engineers, architects, and DPOs worldwide. As GDPR, CCPA/CPRA, and a growing list of U.S. state privacy laws (Colorado, Virginia, Connecticut, Utah, Texas, and more) create compliance demands across every industry, CDPSE travels with you into healthcare, fintech, SaaS, adtech, federal contracting, and any enterprise that processes personal data at scale.
Enables You
CDPSE validates that you can translate privacy law and policy into technical implementation — data-flow maps, architecture decisions, privacy-enhancing technologies, and lifecycle controls that actually satisfy regulators and auditors. It bridges the historic gap between legal/compliance privacy professionals and the engineers who build the systems. CDPSE is the credential that earns you a seat in architecture reviews, product design, and privacy-by-design programs.
Better Pay
Privacy engineering is one of the fastest-growing specialties in technology, and CDPSE holders command premium compensation reflecting that scarcity. ISACA's research and industry salary surveys consistently place privacy-skilled professionals among the highest-paid in the GRC field — often matching or exceeding security-only roles — as enterprises compete for the rare talent that can operationalize GDPR, CCPA/CPRA, and HIPAA simultaneously across engineering teams.
Achievement
CDPSE is the first technical privacy certification from a major global certification body, filling the gap between legal privacy credentials (like CIPP) and hands-on implementation work. It was recognized by ISACA as a flagship response to the privacy-engineering talent shortage and has been adopted as a preferred credential by enterprises building privacy-engineering functions. Earning CDPSE signals to CPOs, DPOs, CTOs, and regulators that you can close the loop between privacy policy and production code.
Program Outline
- Privacy Governance, Principles, and Regulatory Landscape (GDPR, CCPA/CPRA, HIPAA, LGPD)
- Privacy Frameworks (NIST Privacy Framework, ISO/IEC 27701, GAPP)
- Roles, Responsibilities, and Privacy Program Management
- Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs)
- Data-Flow Mapping and Inventory of Processing Activities
- Privacy-by-Design and Privacy-by-Default Architecture
- Privacy-Enhancing Technologies (Encryption, Tokenization, Pseudonymization, Differential Privacy)
- Identity and Access Management for Privacy
- Data Lifecycle: Collection, Use, Storage, Sharing, Retention, Disposal
- Consent Management and Individual Rights (DSAR, Erasure, Portability)
- Cross-Border Data Transfer Mechanisms (SCCs, BCRs, Adequacy)
- Third-Party and Vendor Privacy Risk Management
- Privacy Incident Response and Breach Notification
- QAE Practice Sessions and Exam Strategy Labs
Why Divergence
Beyond Content
Our cohort-based model ensures active social learning — not a solo march through recorded videos. Participants work through privacy architecture scenarios, debate PIA findings, and map real data flows alongside peers who bring perspectives from healthcare, fintech, SaaS, adtech, and federal privacy programs. You graduate having practiced CDPSE-level privacy-engineering thinking, not just read about it.
Beyond the Classroom
As an ISACA Accredited Training Organization (ATO), Divergence Academy delivers the official CDPSE Review curriculum with instructors who hold CDPSE and related ISACA credentials. You receive structured office hours, QAE coaching, exam strategy sessions, and application review support — guidance that extends past the final class into your exam date and beyond.
Beyond Certification
Divergence alumni span privacy engineers, DPOs, security architects, and GRC consultants — many working across healthcare, financial services, SaaS, and federal privacy programs. The CDPSE cohort plugs you into an active community of practitioners who continue sharing PIA templates, data-flow diagrams, and privacy-by-design patterns well after certification.
Beyond One Course
CDPSE pairs naturally with CISA (audit perspective), CISM (management focus), and CRISC (risk focus) for professionals building a full ISACA credential stack. It also complements legal-focused privacy credentials like IAPP's CIPP/CIPM, giving you both the legal and the technical side of privacy. Ask about our ISACA quad-cert track and privacy specialization bundles.
Certified Data Privacy Solutions Engineer (CDPSE) Prep
A cohort-based virtual live program that prepares you to pass the CDPSE exam and operate as a technical privacy engineer. This course goes beyond exam recall into the privacy-engineering judgment ISACA tests — how to translate regulation into architecture, map data flows that hold up under audit, select the right privacy-enhancing technologies, and embed privacy-by-design into the full data lifecycle. Includes ISACA official review materials, QAE database access, and the full three-domain curriculum mapped to the current CDPSE Job Practice.
Frequently Asked Questions (FAQs)
To sit for the CDPSE exam, ISACA requires no prerequisites — anyone may take the exam. However, to earn the CDPSE certification, you must document three (3) years of cumulative work experience in at least two of the three CDPSE domains (Privacy Governance, Privacy Architecture, Data Lifecycle), within the 10 years preceding application or within 5 years after passing the exam.
Note: Unlike CISA and CISM, CDPSE experience cannot be waived. However, qualifying experience is broader than many candidates realize — security engineers doing encryption and access control, data engineers doing lifecycle and retention, architects doing data-flow work, and compliance professionals doing PIAs all typically qualify under one or more domains.
For this course, Divergence recommends (not requires):
- At least 2 years of IT, security, data engineering, privacy, or compliance experience
- Familiarity with at least one privacy regulation (GDPR, CCPA/CPRA, HIPAA)
- Basic understanding of data flows, encryption concepts, and system architecture
Divergence Academy is an ISACA Accredited Training Organization (ATO) — you register directly with Divergence for the course, and separately with ISACA for the exam. Exam registration fees are paid to ISACA.
CIPP (IAPP) is the leading legal and policy privacy credential — it validates knowledge of privacy law, regulatory regimes, and program management. CDPSE is the leading technical privacy credential — it validates your ability to engineer privacy into systems, architectures, and data lifecycles. The two are highly complementary: CIPP tells you what the law requires; CDPSE tells you how to build it. Many senior privacy professionals hold both, and enterprises increasingly look for teams with coverage across both sides.
A CDPSE-certified professional designs and implements privacy controls in enterprise systems, conducts PIAs and DPIAs, maps and documents data flows, selects and deploys privacy-enhancing technologies, advises engineering teams on privacy-by-design, and partners with legal/compliance on regulator-ready privacy architecture. Typical titles include Privacy Engineer, Privacy Architect, Data Protection Officer (DPO), Security Architect (Privacy), Privacy Program Manager, and GRC/Privacy Consultant.
The exam covers 120 questions across three job practice domains:
- Privacy Governance — regulatory landscape, program management, policies, and organizational roles
- Privacy Architecture — infrastructure, applications, and technical privacy controls
- Data Lifecycle — data collection, use, storage, sharing, retention, and disposal
Virtual Live instructor-led, cohort-based. Sessions are delivered synchronously via Zoom with recordings available for review. Includes ISACA official CDPSE Review Manual access, QAE database subscription, live domain deep-dives, and exam strategy sessions. Delivered by Divergence Academy as an ISACA Accredited Training Organization.
Course tuition: $3,495 — all-inclusive, paid to Divergence Academy. Includes:
- ISACA official materials: One attempt CDPSE exam, CDPSE Review Manual, QAE (Questions, Answers & Explanations) database subscription, and ISACA Self-Study Online Review Course
- ISACA Membership (one year) — unlocks the ISACA member network, free CPE opportunities, and discounted rates on any future exam retakes
- Divergence Academy value-add: Access to our proprietary ISACA Governance Simulations platform — Socratic AI-driven 12-turn interview simulations that test privacy-engineering judgment across all three CDPSE domains, with 4-dimension scoring (priority, lens, evidence, boundary) and Mirror Moment blind-spot analysis. Not available anywhere else.
To maintain CDPSE, you must earn and report a minimum of 120 CPE hours every three-year reporting cycle, with at least 20 CPEs annually. The CDPSE Review course itself earns up to 14 CPEs (VILT) or 20 CPEs (online review). CDPSE awards up to one hour of CPE for every one hour of instructor-led training.
You can still take and pass the exam — your CISA certification simply remains pending until you document the required experience (within 5 years of passing). Many candidates use this window to take on IS audit or control-teYou can still take and pass the exam — your CDPSE certification simply remains pending until you document the required experience (within 5 years of passing). Many candidates use this window to move into privacy-engineering, data architecture, or DPO-support roles, knowing the exam is already behind them. Divergence instructors can advise on documenting qualifying experience across the three domains and identifying roles that accelerate eligibility.sting responsibilities, knowing the exam is already behind them. Divergence instructors can advise on experience-waiver documentation and career moves that accelerate eligibility.
AI in the flow of training
Train Smarter with the Simulator Platform
Mock assessments. Real-time feedback. Judgment under pressure — not just content recall.