Background
A 12-person specialist recruiting agency based in the Netherlands had been building its blind hiring practice for two years. Their clients — primarily mid-size technology companies — were increasingly asking for evidence that candidate screening was free from demographic bias, and their own HR director had flagged a GDPR concern: forwarding complete CVs to multiple internal reviewers was creating unnecessary personal data exposure.
The agency was manually redacting CVs before panel distribution — a consultant would open each file in Word or Adobe, manually black out the name, address, and phone number, and save a new copy. The process was inconsistent, time-consuming, and produced no documentation that the redaction had actually occurred.
"We were spending 8-10 minutes per CV on manual redaction, and even then we weren't confident we'd caught everything. One of our consultants missed a LinkedIn URL in a batch of 30 CVs and we only noticed because a client mentioned the candidate's name in a meeting. That was the moment we knew we needed a proper solution."
Head of Operations, recruiting agency (anonymised)
The requirements
The agency evaluated several approaches. Their requirements were specific:
- No file uploads — their clients' CVs contain sensitive personal data; uploading to a third-party server would require a Data Processing Agreement and create additional GDPR obligations
- Batch capability — they needed to process 30-50 CVs at once for larger hiring rounds
- Audit trail — their DPO required documented evidence of what was redacted from each file
- Original PDF layout preserved — panel members needed to see the formatting of the CV, not a plain text version
- Dutch CV support — many candidates used Dutch formats including 06 phone numbers and 1234 AB postcodes
Why NullifyCV
After evaluating three alternatives — a PDF editor with manual redaction, a server-based anonymisation API, and NullifyCV — the agency chose NullifyCV for one primary reason: the zero-transmission architecture.
Because NullifyCV processes files client-side, the agency does not act as a data processor when using the tool — and NullifyCV does not act as a data processor either. No Data Processing Agreement was required. The candidate's personal data never left the agency's own devices.
The server-based API they evaluated would have required a DPA, added a third party to their data flow, and created a new breach notification obligation if that vendor suffered a security incident. The risk profile was unacceptable for a firm handling sensitive candidate data.
Implementation
The agency standardised on two redaction profiles:
| Profile | Used for | Targets removed |
|---|
| Client Submission | CVs sent to client hiring managers | Name, email, phone, LinkedIn, file metadata |
| Bias Strip | Internal panel review packs | All above + school names, graduation year, pronouns, location |
Their workflow for each hiring round:
Receive applications
Candidates submit CVs via email or job board. Files are saved to a local folder — never uploaded externally.
Batch process with NullifyCV Pro
The recruiter drops all CVs into the NullifyCV batch queue (up to 200 at once), selects the appropriate profile, and clicks Run. Processing takes approximately 28 seconds per file on average.
Download ZIP with audit log
The batch produces a ZIP file containing all redacted PDFs plus a JSON audit log documenting every PII item removed from every file.
Distribute to panel
Redacted PDFs are shared with the hiring panel. The audit log is filed with the agency's Records of Processing Activities.
Archive and delete
After the hiring decision, original CVs are deleted per the agency's 6-month retention policy. Because panel members only have the redacted versions, there's no need to track down and delete personal data from multiple inboxes.
Results after one quarter
In Q1 2026, the agency processed 847 CVs through NullifyCV across 23 active hiring rounds for 11 clients.
| Metric | Before NullifyCV | With NullifyCV |
|---|
| Time per CV redaction | 8-10 minutes | ~28 seconds |
| Consistency of redaction | Variable (manual) | Systematic (automated) |
| Audit documentation | None | JSON log per batch |
| Data transmitted to third parties | 0 bytes (manual) | 0 bytes |
| DPA required | N/A | No |
| Missed PII incidents | 3 known incidents | 0 |
"The time saving is significant — but what really matters is the audit log. Our DPO can now see exactly what was redacted from every CV we processed. When a client asks us to demonstrate our GDPR compliance, we have a documented answer. That wasn't possible before."
Head of Operations, recruiting agency (anonymised)
GDPR implications
The agency's DPO noted three specific GDPR improvements from the implementation:
- Data minimisation (Article 5(1)(c)): Panel members receive only the data necessary to assess candidates — skills, experience, and qualifications — with direct identifiers removed
- Records of Processing Activities (Article 30): The batch audit log provides documented evidence of systematic data minimisation for the RoPA
- Right to erasure (Article 17): Because panel members hold no personal data, erasure requests can be fulfilled by deleting the original CV from the recruiter's system — no need to track down copies across multiple inboxes
Key takeaway
The agency's experience demonstrates that blind hiring and GDPR compliance are not competing priorities — they're complementary. A systematic redaction workflow addresses both simultaneously: it removes bias signals for fairer screening and limits personal data distribution for regulatory compliance.
The zero-transmission architecture was the decisive factor. By processing files client-side, the agency avoided creating a new vendor relationship with GDPR implications — and maintained complete control over candidate data throughout the process.
Ready to implement blind hiring in your organisation?
NullifyCV Pro supports batch processing of up to 200 CVs at once, with GDPR-annotated audit logs your DPO can file directly. Files never leave your browser on any plan.
Note: This case study is based on a composite of typical NullifyCV use cases and illustrates realistic outcomes for a recruiting agency of this size. Quotes and specific metrics are representative rather than attributed to a named organisation. Results may vary depending on CV volume, file types, and redaction profiles used.