I completed the online GDPR course last year but still have to do my exam. As the Office Manager of a biopharmaceutical company, I receive multiple CVs from jobseekers on a weekly basis. There is no ongoing or active recruitment process. These jobseekers just take a chance and send their CVs looking for a job. What is my obligation as the DPO of this company? What do I need to do with these CVs so that we remain compliant with GDPR? Any advice would be much appreciated.