Do you know how to protect your data when looking for a job? It is very common and we often have to propose corrective and improvement actions. And one of the most delicate moments for the security of personal information is during the job search. The curriculum vitae (CV), despite being an essential tool, can easily become a source of risks if it is not managed correctly. Whether you are a candidate or a receiving company, it is essential to understand how to protect the data included in it and how to comply with current regulations.
The first tip is clear: don't include more information than necessary. A common mistake is to include excessive personal data, such as your ID number, marital status, nationality, photographs or signatures. Not only are these details irrelevant in many selection processes, they can also become a gateway for crimes such as identity theft. With your full name, date of birth and ID number, someone with bad intentions can do a lot of damage. This should be avoided at all costs.
The same applies to data considered particularly sensitive by regulations, such as religious beliefs, sexual orientation, health data or political or union affiliation. This information, in addition to not having regular relevance for most jobs, is protected in a reinforced way by the General Data Protection Regulation (GDPR). Including it in a CV can pose an unnecessary risk for both the candidate and the company that receives it.
Another fundamental issue is to use secure channels to send your resume. Avoid doing so through dubious websites, forms without a security certificate, general emails or, worse, WhatsApp. It is also advisable not to attach it to public portals or professional social networks without controlling who can access it.
For companies, it is important to remember that receiving a CV entails legal responsibilities. Recipients are required to provide the candidate with all the information on how their data will be processed: who is responsible, for what purpose it is collected, for how long it will be kept, what rights the candidate can exercise and how they can do so. This information must be available in a clear and accessible way, and ideally should be part of the thank you or confirmation of receipt of the CV.
It is also important that companies commit to securely deleting CVs that are not considered for any selection process, especially if there is no explicit consent to retain them for future vacancies. The indefinite retention of personal data is contrary to the principles of the GDPR.
Ultimately, it is everyone's responsibility – candidates and companies – to contribute to a safer, more transparent and privacy-friendly work environment. Protecting resume data is not just a legal matter: it is a sign of respect and responsibility.
