Coming soon. This post is currently in research. The outline below shows the planned structure — bookmark this page or start a free FormaCV trial and we'll let you know when it publishes.
GDPR isn't going anywhere — and the EU recruitment sector saw $1M+ in regulatory fines in 2024-2025. This post covers exactly what GDPR requires for candidate CV processing in 2026, the difference between anonymization and pseudonymization, and which fields to strip vs keep when submitting to clients.
Planned outline
- Intro — why GDPR still matters in 2026 and the recent fines in the recruitment sector
- What GDPR actually requires (lawful basis, data minimization, right to erasure, DPA, residency, retention)
- What anonymization adds vs pseudonymization, and when it's required
- What to strip vs keep — field-by-field table for blind submissions
- Tools and workflow — manual vs automated, audit logs, controlled re-reveal
- Common mistakes — name in body, LinkedIn URL, PDF metadata, photo metadata
- Compliance checklist — DPA, residency, retention, sub-processors, audit logs
- FAQ — 10 questions covering data residency, retention, US tools, training opt-out
Want this published sooner?
If this topic is critical for your team, book a quick call and we'll prioritise it on the editorial calendar. We publish a new post roughly every two weeks.