ISACA CDPSE domain #2: Privacy architecture

September 21, 2021 by Graeme Messina

ISACA’s Certified Data Privacy Solutions Engineer (CDPSE) certification covers numerous privacy-related skills essential to cybersecurity and IT professionals. There are three ISACA CDPSE domains in total:

  1. Privacy governance
  2. Privacy architecture
  3. Data lifecycle

We will be looking at domain 2 of the CDPSE exam and its relation to privacy architecture, privacy architecture design and other exam objectives.

What is privacy architecture?

Privacy architecture in this context relates to infrastructure, applications/software and technical privacy controls. It teaches potential candidates how to conduct essential operations, such as privacy impact assessments, when developing or implementing a software application or infrastructure components to an environment. 

Tracking technologies and technical privacy controls form a large part of the toolset that privacy architecture requires. Tracking these technologies makes it possible to properly monitor and manage the privacy impact of different solutions implemented within an organization. Maintaining proper standards is difficult if you cannot track privacy controls, so tracking technologies and controls are essential. 

Many markets now have privacy requirements at the core of their operational models. This means that if privacy lapses or breaches are encountered, it may jeopardize the organization’s ability to do business in that region or market. 

Privacy architecture design techniques help build out technologies around existing products and services that handle user data. New products are built with these requirements in mind, with collaborative efforts from key staff that deal primarily with privacy concerns.

How will privacy architecture help my career?

Getting certified in data privacy and privacy architecture design will help you with vital skills needed to properly integrate privacy into the operations of a business. 

The CDPSE certification targets people who are either getting started in cybersecurity or are already established in the field and wish to further expand their knowledge to encompass important privacy skills.

These skills will help you coordinate and perform multiple assessments, such as privacy impact assessments (PIA) and other privacy-focused objectives vital for compliance. Modern businesses rely on individuals with compliance and privacy knowledge to help them navigate the often difficult regulations that are in place within various industries. 

To complicate things further, different regions have different regulations and privacy requirements. For companies to operate internationally, they have to have key players with deep privacy knowledge to maintain market compliance. 

Privacy architecture gives you the foundational tools to assist organizations with developing products, procedures and policies that are compliant with the relevant markets, giving companies the ability to maintain a presence there and continue with their operations.

You will learn how to implement appropriate tracking technologies and technical privacy controls that give the organization access to information while maintaining privacy and compliance.

With this certification, you can build a privacy architecture that aligns with policies and procedures for personal information, regulatory requirements and privacy policies. This further ensures privacy compliance and security risk mitigation, not to mention coordination of security risk assessments with cybersecurity personnel.

What’s covered in CDPSE domain 2 of the exam?

Those who successfully master domain 2 of the CDSPE exam should be able to:

  • Coordinate and/or conduct privacy impact assessments (PIA). This will allow you to make the proper recommendations to the teams developing and implementing technologies within the organization.
  • Ensure privacy control procedures are in line with privacy policies and business needs. 
  • Create procedures aligned with privacy policies for privacy architecture within the business.
  • Collaborate with cybersecurity personnel to ensure privacy compliance and risk mitigation.
  • Collaborate with other practitioners to ensure privacy throughout the design, development and implementation of systems, applications and infrastructure.
  • Ensure enterprise and information architecture adhere to privacy-by-design principles to maintain compliance and regulatory approval.
  • Evaluate technology advancements and changes and how they impact the regulatory environment and privacy.
  • Establish and validate privacy and security controls in accordance with data classification procedures.


Privacy controls have become a vital skill set in cybersecurity. Privacy architecture enables you to provide valuable insight into the privacy requirements of an organization while remaining cognizant of potential security implications. 

The CDPSE certification is an excellent starting point if you want to incorporate privacy into your existing security responsibilities. 



Posted: September 21, 2021
Graeme Messina
View Profile

Graeme is an IT professional with a special interest in computer forensics and computer security. When not building networks and researching the latest developments in network security, he can be found writing technical articles and blog posts at InfoSec Resources and elsewhere.