Is the CDPSE Worth It?

Now that the GDPR has become the law of the land in most parts of the internet, companies and businesses that previously didn't care about online privacy are scrambling to create robust privacy programs and practices. Even in places where the EU's data protection regulation isn't the legal benchmark, it's still the status quo. IT professionals who can plan, manage, and execute data privacy regimes and programs are going to be increasingly valuable as time goes on. That's what the CDPSE delivers.

It’s not just the European Union, individual U.S. states are writing and passing laws that require companies that collect user information to store, use and process it according to specific and strict requirements. The CDPSE is an industry certification that proves to an employer you know how to create a data security program that will keep them safe legally and digitally.

What is the CDPSE?

The CDPSE stands for Certified Data Privacy Solutions Engineer. CDPSE is an industry certification maintained by ISACA. ISACA is the international professional association best known for their eight certifications in IT governance. Their vendor-agnostic certifications are often considered the gold standard for IT professionals who work with IT management and governance. 

The CDPSE from ISACA is an experience-based technical certification and when it debuted was the first of its kind. The CDPSE validates that an IT professional is able to implement privacy by design, enabling organizations to use privacy technology platforms and products with confidence. The CDPSE treats digital privacy like a holistic characteristic that can be applied to the entire organization's processes and production, regardless of what the company manufactures or sells.

The need for data privacy governance used to apply mostly to data companies and service providers only. But that's changed, and now companies that normally wouldn't have even supported an in-house IT team of their own are finding themselves in need of data security professionals with a certification like the CDPSE. Law firms, marketing companies, even retailers and manufacturers are now trying to find data security professionals to ensure their websites and data networks are safely handling PII. 

What Does the CDPSE Exam Test?

ISACA refers to the exam necessary for earning the CDPSE as simply the CDPSE exam. ISACA doesn't share much about the questions on the exam, but the CDPSE exam has three work-related domains:

• Domain 1: Privacy governance

• Domain 2: Privacy architecture

• Domain 3: Data lifecycle

Each of those domains depends on being able to build and implement privacy solutions that are closely aligned with unique organizational needs and goals. On top of answering the questions on the exam, you can't attain the CDPSE certification without three years of proven practical experience in the field of data security management. You can take the exam at any time, but must document your work experience in the data security field before you'll be eligible for the certification itself. You must also stay a member of ISACA in good standing to keep the certification.

How Much does the CDPSE Exam Cost?

The cost of the CDPSE exam is a little bit complicated because it depends on whether or not you're a member of ISACA. An ISACA membership costs $135, which comes with its own benefits. Attempting the CDPSE exam costs $575 for ISACA members and $760 for non-members. Once you pass the CDPSE exam, you have to pay a $50 application fee to apply to be vetted and certified. After all that, you still have to pay an annual maintenance fee of $45 for members and $85 for nonmembers to stay in good standing.

All told, it will cost an ISACA member $625 to earn the CDPSE certification and $45/year after that. For nonmembers, the CDPSE will cost $810 and $85 per year after that.

What Experience Do You Need for the CDPSE?

If you plan to earn the CDPSE, you need to have at least three years of experience in jobs that depend on three work domains. The three CDPSE domains are privacy governance, privacy architecture and data lifecycle.

Experience in the first domain, privacy governance, would be job responsibilities like identifying internal and external privacy requirements that are specific to the company's governance and risk management programs and practices. Privacy governance includes writing privacy policies that align with legal and regulatory requirements as well as industry best practices. You should have some experience developing, monitoring and reporting on performance metrics for privacy programs.

Experience in the second domain, privacy architecture, is more practically minded and more about technical skills around maintaining data security programs. You should have experience doing privacy impact assessments or developing privacy control procedures for specific programs. You should be able to evaluate an enterprise architecture and ensure that it supports privacy by design.

Experience in the third and final domain for the CDPSE, data lifecycle, is harder to describe because so much of the requirements are particular to individual companies, data types and sources. But earning the CDPSE means you're familiar with data purpose and data persistence principles. You'll need experience evaluating programs and ensuring they're maintaining data lifecycle considerations.

Experience in those three domains isn't just helpful for the exam – it's explicitly required from ISACA. Even if you pass the exam, you can't earn the certification without three years of experience working with privacy governance, privacy architecture and data lifecycle considerations.

Who Should Take the CDPSE?

The CDPSE is a broad certification that applies to IT/IS professionals in different capacities. Anyone who creates or implements privacy solutions should take the CDPSE. As should anyone who navigates those data privacy solutions to do their daily job. Good candidates for the CDPSE include consultants, data analysts and scientists, IT project managers, and privacy engineers.

Is CDPSE Worth It for Data Analysts and Data Scientists?

Yes, the CDPSE is worth it for data analysts and data scientists because so many of the tools and software you'll use in your daily life are governed by the practices and principles covered by the CDPSE. As time goes on and you navigate more databases that receive data from around the world, or as you retrieve the results of queries that draw from multiple sources, the burden of proving you're maintaining user security is going to increase.

Earning the CDPSE is a good idea for data analysts and scientists because it proves you're competent with maintaining IT privacy in addition to the more formal parts of your job.

Is CDPSE Worth It for IT Project Managers?

Yes, if you work as an IT project manager, the CDPSE is worth it to make sure you're steering your team members and projects in directions that are in keeping with your organization's data security policies and in accordance with applicable laws and policies. When you get pressured by leadership to pull off a new project or deliverable, you need to have data privacy considerations ready to go in your back pocket.

The CDPSE can help IT project managers keep their teams and their organizations compliant with data security regulations in cost-effective ways when they incorporate what they learned from the CDPSE into their projects.

Is CDPSE Worth It for a Privacy Engineer?

Yes, although privacy engineer is a relatively novel career, the CDPSE is one of the most common certifications for one to earn. That's because there might not be any better certification for proving your broad familiarity with the principles of privacy design and implementation than CDPSE. The CDPSE is a practical, skills-focused certification that proves your privacy programs and policies are cost-effective, efficient and beneficial.

Having the CDPSE will reduce friction between you and other cybersecurity personnel as you design or explain security risk assessment processes that address privacy compliance and risk mitigation. Privacy engineers can design network architectures and data frameworks that maintain data security principles. But privacy engineers with their CDPSE know how to design them so that their architectures pass inspections with flying colors and respond to updated privacy policies.

Is the CDPSE Worth It?

The CDPSE is an expensive certification. Earning the CDPSE doesn't just require that you prove years of on-the-job experience, it also means preparing for a challenging exam.  But for IT professionals who work with data, it's a very worthwhile certification. Earning the CDPSE is worth it because it demonstrates a commitment to understanding and maintaining the complex laws and regulations that companies know they need to follow but aren't sure how.

Using CDPSE to Learn Skills

The CDPSE certification is focused on validating technical skills and knowledge. It's not about certain vendors or technology, which is why it's such a valuable certification for learning data security maintenance skills.

Taking a CDPSE preparation course will necessarily cover data security governance, management and data lifecycle training that will make you a more capable and useful data professional. If you've worked on the technical end of implementing data security tools and technologies and want to move into a managerial and oversight role, the CDPSE can help you learn the skills necessary to move into that senior position. 

Using CDPSE to Validate Skills

The CDPSE is an advanced, specialized certification. That means that it's ideal for data security professionals with several years of experience who want to prove that they understand how to shape data security policies and govern data security architectures. 

The best use of the CDPSE is putting a cap on years of experience, demonstrating what you're capable of and, showing just how much you know about data security policy governance.