CDPSE Exam Glossary - 41 Terms

Search the terminology pack for Certified Data Privacy Solutions Engineer. Use these definitions with the study guide and practice questions.

Download App Study Guide Free Practice Exam

A

Applicable privacy laws: The specific privacy statutes and regulations that apply to an organization’s collection, use, storage, or sharing of personal data.
Asymmetric encryption: An encryption method using a public key for encryption and a private key for decryption to protect data exchange.
Attack surface: The total number of points where an unauthorized user could try to access or exploit a system.
Audit function: An independent organizational function that evaluates controls, processes, and compliance with privacy and regulatory requirements.

B

Big data initiative: A large-scale effort to collect, process, and analyze extensive datasets for decision-making or operational insights.

C

Ciphertext: Data that has been encrypted into an unreadable form to protect confidentiality.
Cloud service provider security policies and practices: The documented safeguards, operational controls, and privacy protections used by a cloud provider to secure hosted personal data.
Consent management: The process of obtaining, recording, updating, and honoring individuals’ permissions for personal data processing.

D

Data archiving: The process of moving data to long-term storage for retention, compliance, or business purposes.
Data at rest: Data stored on devices, databases, or other media when it is not actively moving across a network.
Data breach management response: The coordinated process for detecting, containing, assessing, notifying, and remediating a personal data breach.
Data discovery: The process of identifying where personal data exists, how it is used, and who has access to it.
Data in transit: Personal or other sensitive data while it is being transmitted between systems or applications.
Data minimization: A privacy principle requiring organizations to collect and use only the personal data necessary for a specific purpose.
Data retention: The policy or practice that defines how long personal data must be kept before deletion or archival.
Data sanitization: The process of securely removing or destroying data so it cannot be reconstructed or recovered.

E

Encryption: A protection method that transforms readable data into unreadable ciphertext so only authorized parties can access it.
Endpoint protection: Security and privacy measures applied to user devices such as laptops, desktops, and mobile devices.

G

Governance changes: Modifications to organizational authority, scope, roles, or oversight structures that can affect privacy management.

I

Incident response plan: A documented set of procedures for preparing for, responding to, and recovering from security or privacy incidents.
Inherent risk: The level of privacy or security risk that exists before controls or mitigations are applied.
Inventory of affected individuals and systems: A documented list of impacted people, devices, applications, or databases used to support breach assessment and notification.

L

Legal framework: The set of laws, regulations, and legal obligations that govern personal data processing activities.

N

Network traffic filtering: The control of inbound and outbound network communications based on predefined rules to prevent unauthorized data flows.

P

PII: Personally identifiable information that can identify, contact, or locate an individual directly or indirectly.
Privacy by design: An approach that embeds privacy requirements and controls into systems, processes, and products from the outset.
Privacy controls: Administrative, technical, or physical safeguards used to protect personal data and enforce privacy requirements.
Privacy governance: The framework of oversight, accountability, policies, and decision-making used to direct and manage an organization’s privacy program.
Privacy impact assessment: An assessment used to evaluate how a project or system affects personal data and whether privacy risks are adequately managed.
Privacy policy: A formal statement describing how an organization collects, uses, shares, retains, and protects personal data.
Privacy steering committee: A governance body that provides oversight, direction, and accountability for an organization’s privacy program.
Privacy threat modeling: A methodology for identifying, analyzing, and reducing risks to personal data by examining threats, vulnerabilities, and weak privacy controls.
Private key: The secret key in an asymmetric cryptographic pair used to decrypt data or create digital signatures.
Processing register: A formal record documenting personal data processing activities, purposes, categories, controls, and retention details.
Public key: The key in an asymmetric cryptographic pair that can be shared openly and used to encrypt data or verify signatures.
Purpose limitation: A principle stating that personal data should be collected for explicit, specified purposes and not used incompatibly later.

R

Regulatory compliance: The requirement to meet legal, regulatory, and industry obligations related to privacy and data protection.
Right to be forgotten: A data subject right allowing an individual to request erasure of personal data, subject to legal or public-interest exceptions.

S

Secure configuration: A system setup aligned with security and privacy best practices to minimize exposure and misconfiguration risk.
Software development life cycle: The structured sequence of phases used to plan, design, build, test, deploy, and maintain software systems.
System hardening: The process of reducing system vulnerabilities by disabling unnecessary services, closing unused ports, and applying secure configurations.

About These Definitions

These definitions are loaded from the shared release pack. Use them with the study guide and practice questions to connect vocabulary to exam scenarios.

Download App Read the full study guide Take the free practice exam