ISACA's privacy-engineering credential. The cert most often booked by Data Protection Officers, privacy engineers and security architects implementing PDPA, GDPR and the new MY PDPA 2024 amendments.
⏱Duration: 4 days / 32 hrs
💻Format: Instructor-Led + Privacy Sims
🌐Delivery: On-site · Virtual · Hybrid
✅Pass rate: 91%
📅Next intake: 3 Jun 2026
🔐
Privacy by design
Build privacy into systems from sprint zero
📋
PDPA + GDPR
MY PDPA 2024, GDPR, Singapore PDPA, Thailand PDPA mapped
CDPSE is ISACA's privacy-engineering credential. It is the cert most often booked by Data Protection Officers (DPO), privacy engineers, security architects and product engineers implementing privacy controls in systems, data warehouses and customer-facing platforms.
At Nexperts, CDPSE is delivered as a 4-day intensive that walks the three exam domains in real-world MY scenarios — e-commerce, banking, healthcare and SaaS. By day 4 you've designed privacy controls for a customer-data platform, run a DSAR (Data Subject Access Request) workflow, and defended a privacy-impact assessment.
MY's PDPA 2024 amendments — with mandatory data-breach notification, the new DPO requirement and direct-controller liability — made CDPSE a near-mandatory cert for privacy-engineering roles in regulated industries.
The 2024+ CDPSE update aligned with the MY PDPA 2024 amendments, the EU AI Act privacy provisions, and the post-Schrems-II cross-border-transfer landscape. We map every control conversation to PDPA 2024, GDPR and the BNM RMiT data-protection chapter.
Who should take this course
🔐
Data Protection Officers
Owning PDPA / GDPR compliance in MY enterprises. CDPSE is the engineering credential.
👨💻
Privacy engineers
Implementing privacy controls in code. CDPSE is the recognised credential.
📚
Security architects
Designing systems that touch personal data. CDPSE adds the privacy lens.
🏛
Compliance leads
Mapping PDPA 2024 into engineering requirements.
📈
Data governance leads
Owning data classification, retention and deletion at the enterprise level.
💼
Product managers
Building features that touch personal data. CDPSE builds privacy literacy.
Prerequisites
✓ 3 years of technical experience in 2 of the 3 CDPSE domains
✓ Domains: privacy governance, privacy architecture, data lifecycle
✓ Comfortable reading data-flow diagrams and consent flows
→ Don't yet have 3 years experience? You can sit the exam first; ISACA grants the cert when experience is verified within 5 years.
Course Curriculum
Three domains. Privacy by design.
CDPSE covers three exam domains: Privacy Governance (34%), Privacy Architecture (36%), and Data Lifecycle (30%). We deliver in design-time order with MY-context case studies.
Privacy Sims
8 sprints. Real MY privacy scenarios.
CDPSE is delivered as case-study workshops with hands-on tooling for de-identification, consent management and DSAR. By day 4 you've worked through MY-context scenarios across e-commerce, banking, healthcare and SaaS.
01
PDPA Gap
PDPA 2024 gap-analysis for a Klang Valley e-commerce.
Governance
02
Data Map
Build a data inventory and flow map for a customer-data platform.
Architecture
03
De-Identification
Design pseudonymisation for an analytics dataset.
Architecture
04
Consent
Design a granular consent flow that meets PDPA + GDPR.
Lifecycle
05
DSAR
Run a DSAR across 4 source systems with deadlines.
Lifecycle
06
Cross-Border
Design BNM-aligned cross-border transfer with SCCs.
Architecture
07
Breach Sim
Run a 72-hour breach-notification simulation.
Governance
08
DPIA
Build a Data Protection Impact Assessment for AI scoring.
Governance
+ 8 micro-tasks across NIST Privacy, ISO 27701 and PDPA 2024.
Exam Information
One exam. CDPSE.
CDPSE has one exam. 120 questions, 3.5 hours, scaled scoring. You need 450 / 800 to pass. The exam is heavy on architecture and lifecycle judgement.
CDPSE Exam
Questions120 multiple choice
Duration3.5 hours
Passing score450 / 800 (56%)
FormatPSI / online proctored
Validity3 years (CPE-renewable)
Industry avg pass rate~63% first attempt
Nexperts pass rate91% first attempt
Our 4-Mock Programme
01
Diagnostic
End of day 1. Sets the baseline. Average 49%.
02
Domain Drill
End of day 3. By-domain mock. Highlights weak areas.
03
Full Mock
End of day 4. Full timed simulation. 70%+ before booking.
04
Clearance
Week after class. Final clearance. 75%+ before booking.
0%
Pass Rate
91% of our CDPSE candidates pass on first attempt.
The ISACA global first-attempt rate for CDPSE sits around 63%. We hit 91% by drilling privacy-engineering on MY PDPA 2024 scenarios and gating booking on a clearance mock.
PDPA 2024 mappedPrivacy-engineering drill91% first attemptFree retake voucherISACA aligned
Why our pass rate is 91%
Industry average: ~63%
Most candidates can recite GDPR articles but cannot design a PET (privacy-enhancing technology) under timer. CDPSE questions demand engineering judgement.
Nexperts: 91%
We work privacy-design exercises for 60% of class time. We drill the architecture domain. We gate booking on a clearance mock. By exam day, privacy-by-design thinking is reflex.
Your Privacy Path
CDPSE pairs with CISM and CCSP.
CDPSE stacks naturally with CISM (security-management lens), CCSP (cloud-security lens) for SaaS workloads, or CISSP (breadth across all 8 security domains).
Expected salary range after CDPSE + 3 years experience: RM 10,500 – RM 17,500/month for DPO and privacy-engineering roles in MY enterprises and regulated industries.
Student Reviews
What our CDPSE graduates say.
4.8
★★★★★
52 reviews
5★
43%
4★
7%
3★
1%
★★★★★
"With PDPA 2024 effective, my company needed a DPO with engineering credibility. CDPSE was perfect — covered both governance and architecture, and the MY-context modules made it instantly applicable."
ZH
Zarith Hassan
DPO · AirAsia MOVE
✓ Passed first attempt (642/800)
★★★★★
"I came in as a security architect, left as a privacy engineer. The PET (privacy-enhancing tech) labs were the highlight — differential privacy and federated learning are now in our SaaS roadmap."
RD
Rahul Dasgupta
Privacy Engineer · Grab MY
✓ Passed first attempt (594/800)
★★★★
"Toughest of the ISACA depth certs for me — it sits between policy and engineering. Nexperts threaded that needle. Cleared on first sitting."
SK
Suria Kumari
Senior Compliance · Allianz MY
✓ Passed first attempt (572/800)
★★★★★
"DSAR drill was the single most useful exercise of my prep. Real-world DSAR is a nightmare across legacy systems — the lab forced us to architect for it."
BS
Brandon Soh
Lead Data Engineer · BoostMY
✓ Passed first attempt (688/800)
Copy page link
Share this course page with your team or save the URL for later.
