GDPR CV anonymisation: the recruiter's complete guide

The hub guide to CV anonymisation for recruitment agencies: GDPR lawful-processing and data-minimisation principles, a redaction table, the real time cost of manual anonymisation, automated blind CVs, and UK/EU market specifics.
FormaCV Editorial

Last updated: June 2026.

CV anonymisation means removing personal identifiers — name, photo, contact details, date of birth, and similar attributes — from a candidate's CV before it is shared, so the reader evaluates skills and experience rather than identity. For recruiters it serves two purposes at once: GDPR data minimisation and fee protection. This guide covers the legal basis, what to redact, the manual and automated methods, and blind screening.

This is general guidance for recruitment practice, not legal advice. For decisions about your specific processing, consult your data-protection officer or legal counsel.

What does GDPR require when you handle candidate CVs?

A CV is personal data almost line by line, so processing it — storing, editing, forwarding to a client — falls under GDPR (and the UK GDPR after Brexit). Two principles do most of the work for recruiters. First, lawful processing: you need a valid basis for handling the candidate's data, which in agency recruitment is typically legitimate interest or the candidate's consent to be represented, and the candidate should understand who their CV will be shared with. Second, data minimisation: you should only pass on the personal data that is necessary for the purpose. The purpose of a client submission is "can this person do the job?" — and a photo, a birth date, or a home address contributes nothing to that question. Anonymising before submission is therefore not just defensible practice; it is the natural way to apply minimisation to the most common thing a recruitment agency does.

What should you redact from a CV?

The standard redaction set for a first-round, anonymised client submission:

| Redact | Why |
| --- | --- |
| Full name | Replace with initials or a candidate reference |
| Email, phone, home address | Contact routes through the agency; minimisation |
| Photo | Bias risk; not necessary for evaluation |
| Date of birth / age | Age-discrimination exposure |
| Nationality, marital status, dependants | Bias risk; right to work verified separately |
| Personal LinkedIn / portfolio URLs | Identity is one click away |
| Graduation years (optional) | Proxy for age in stricter blind-screening setups |
| Current employer name (sector-dependent) | Identifiable in small markets; replace with a description |

How far down this table you go depends on the client and the market. Contact details and photo are near-universal; redacting employer names matters in niche sectors where "Head of Risk at a Big Four firm in Leeds" identifies one person. The fuller submission-hygiene list — salary, references, formatting junk — is in what to remove from a CV before client submission.

How do you anonymise a CV manually — and what does it cost?

The manual method is straightforward and tedious: open the document, find and delete every identifier (including the ones hiding in headers, footers, file metadata, and hyperlink targets), replace the name throughout, remove the photo, check the file name itself, and re-export. Done properly — with a second pass, because a single missed mobile number in a footer defeats the entire exercise — it adds 10-15 minutes on top of the 20-40 minutes agencies already spend reformatting each CV into their branded template. At 200 submissions a month that is an extra 30-50 hours of consultant time, spent on the least billable activity in the building. Manual redaction also fails unpredictably: tracked changes left in DOCX files, text behind images, and metadata fields are classic leak paths that a rushed consultant will miss on a Friday afternoon.

How does automated CV anonymisation work?

Automated anonymisation folds the redaction step into the formatting step. FormaCV's anonymisation feature works at the template level: you configure once, per template, which fields are redacted — name, photo, contact details, date of birth, and the rest of the table above — and every CV formatted with that template comes out blind, branded, and ATS-safe in the same ~60-second pass, at $0.99 per CV. Because redaction is rule-based rather than eyeball-based, it does not degrade with volume or fatigue, and the audit log records what was processed — useful when a client or regulator asks how your anonymisation actually operates. FormaCV processes data with EU data residency and signs DPAs, which keeps the tool itself inside the compliance story rather than outside it. The same pass handles the rest of modern AI CV formatting: parsing the intake file, restructuring content, and applying your branding.

What is the difference between anonymisation and pseudonymisation?

The distinction matters because the two words get used interchangeably in recruitment and mean different things in data-protection terms. Pseudonymisation replaces identifiers with a key — "Candidate 4471" instead of a name — while the agency retains the mapping back to the person. The data is still personal data under GDPR, because re-identification is possible and intended; pseudonymisation is a risk-reduction measure, not an exit from the regulation. Anonymisation in the strict legal sense means the person can no longer be identified by anyone, by any reasonably likely means — a bar a CV almost never clears, since a detailed career history can identify someone even with the name removed. What recruiters call an "anonymised CV" is therefore, technically, a pseudonymised one. The practical consequence: blind CVs remain personal data, so the usual GDPR obligations — lawful basis, security, retention limits, DPAs with processors — continue to apply to them.

What are the common CV anonymisation mistakes?

Most anonymisation failures are leaks in places nobody looks. The recurring offenders: contact details repeated in the document header or footer while only the body copy gets redacted; DOCX files sent with tracked changes or comments still embedded, where the deleted name remains one click away; document metadata (author field, "last modified by") carrying the candidate's name; the file itself named "John_Smith_CV.docx"; and hyperlinks whose display text was redacted while the underlying URL still points to the candidate's LinkedIn profile. The subtler failure is over-redaction: stripping employer names, locations and dates so aggressively that the client cannot evaluate the career at all, which gets the submission rejected and the anonymisation policy blamed. The goal is zero identity signal and full professional signal. Rule-based automated redaction avoids the leak class entirely, because it processes the whole document — metadata, headers, file name — not just the text a tired human remembers to check.
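The leak paths listed above, and the ones named in the manual-method section, can be checked mechanically before a file leaves the agency. The following Python check is an added example, not FormaCV's code or part of the original guide: `audit_docx`, `build_sample`, and the sample name, phone number and URL are constructed for illustration.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET  # for untrusted uploads, parse with defusedxml instead
W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
CONTACT = re.compile(r"[\w.+-]+@[\w-]+\.\w+|\+?\d[\d ()]{8,}\d")  # email or phone-like run; no hyphens, so ISO dates do not match

def audit_docx(data, filename, name_tokens):
    """Return (part, issue) pairs for identity leaks left in a 'blind' DOCX."""
    tokens = [t.lower() for t in name_tokens]
    def leaks(text):
        return any(t in text.lower() for t in tokens) or bool(CONTACT.search(text))
    found = []
    if any(t in filename.lower() for t in tokens):
        found.append(("filename", "candidate name in file name"))
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for part in z.namelist():
            if part.endswith(".rels"):  # hyperlink targets live here, not in the body
                for rel in ET.fromstring(z.read(part)):
                    if rel.get("TargetMode") == "External":
                        found.append((part, "external link: " + rel.get("Target", "")))
            elif part.endswith(".xml") and (part.startswith("word/") or part == "docProps/core.xml"):
                root = ET.fromstring(z.read(part))
                if leaks("".join(root.itertext())):  # includes w:delText of tracked deletions
                    found.append((part, "identifier in text"))
                if root.find(f".//{W}del") is not None or root.find(f".//{W}ins") is not None:
                    found.append((part, "tracked changes present"))
                if part == "word/comments.xml":
                    found.append((part, "comments still embedded"))
    return found

def build_sample(clean):
    """Constructed minimal package holding only the parts the audit reads."""
    ns = 'xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"'
    who, foot = ("Agency", "Ref C-4471") if clean else ("Jane Sample", "+44 20 7946 0000")
    old = "" if clean else '<w:del w:id="1"><w:r><w:delText>Jane Sample</w:delText></w:r></w:del>'
    parts = {
        "docProps/core.xml": f'<p xmlns:dc="http://purl.org/dc/elements/1.1/"><dc:creator>{who}</dc:creator></p>',
        "word/document.xml": f"<w:document {ns}><w:p><w:r><w:t>Candidate C-4471</w:t></w:r>{old}</w:p></w:document>",
        "word/footer1.xml": f"<w:ftr {ns}><w:p><w:r><w:t>{foot}</w:t></w:r></w:p></w:ftr>",
    }
    if not clean:  # example.com stands in for a personal profile URL
        parts["word/_rels/document.xml.rels"] = '<Relationships><Relationship Id="rId1" Target="https://example.com/in/jane-sample" TargetMode="External"/></Relationships>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()

if __name__ == "__main__":
    print(*audit_docx(build_sample(False), "Jane_Sample_CV.docx", ["Jane", "Sample"]), sep="\n")
```

Findings are prompts for review rather than verdicts: an external link or a tracked change is not always a leak, but each is a place a body-text pass does not cover.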

What is blind CV screening and why does it work?

Blind screening takes anonymisation to its logical end: the people making shortlist decisions see skills, experience and achievements, with identity attributes systematically removed. The reasoning is well established — named CVs trigger unconscious associations about gender, ethnicity, age and background that have nothing to do with competence, and removing the trigger removes the shortcut. For agencies, offering blind submissions is increasingly a commercial differentiator rather than a compliance chore: enterprise clients with diversity commitments, public-sector buyers, and regulated industries ask for it explicitly in tenders and PSL reviews. The practical pattern is two-stage: anonymised CVs for shortlisting, identity revealed at interview stage once the evaluation of substance has happened. An agency that can switch any submission to blind format on demand — without a manual redaction scramble — is simply easier to buy from.

What are the UK and EU specifics?

In the UK, the UK GDPR and the Equality Act 2010 pull in the same direction: minimise the personal data you forward, and keep protected characteristics (age, race, sex, and the rest) away from selection decisions. The ICO's employment-practices guidance emphasises proportionality — collect and share what the recruitment purpose requires, no more. In the EU, GDPR applies directly, and habits differ by market: continental CVs (Germany, France, Spain) traditionally carry photos and birth dates, so agencies recruiting across borders end up redacting more, not less, from intake documents. EU pay-transparency rules are also tightening what can be asked and forwarded about salary history. For agencies serving both markets, the practical answer is one anonymisation standard set to the stricter end, applied by default, with EU data residency for the processing itself — which is how FormaCV is built to operate.

Where does anonymisation fit in the wider workflow?

Anonymisation works best as a built-in stage of your submission workflow, not a separate scramble before each send. The pipeline looks like: intake (any format — PDF, DOCX, LinkedIn export, call transcript) → restructure into the branded template → apply the template's anonymisation rules → ATS-safe export → submit. When the blind version is the default output, compliance stops depending on individual discipline, and producing the named version at interview stage is the deliberate act instead. The full pipeline, including branding and the client-submission checklist, is covered in CV formatting for recruiters; the commercial details of the redaction engine are on the anonymisation feature page.
