regexresume parsinggdpruk online safety actpythondata minimizationcontact extraction

Pre‑compiled patterns – versioned for audit

By Maria José González Antelo· July 15, 2026
Pre‑compiled patterns – versioned for audit

H1: Precision‑First Contact Parsing for AI Hiring Tools: Regex Patterns Compliant with 2024 GDPR & UK Online Safety Act


Why Regex Matters for Contact Extraction

In creator‑economy hiring pipelines, raw resume text is the entry point for AI‑driven matching. Precise extraction of contact fields enables downstream enrichment (e.g., candidate scoring, interview scheduling) without over‑collecting personal data. Regex offers deterministic, low‑latency parsing that can be audited for compliance.

GDPR‑Aware Design Principles

  1. Data Minimization – Capture only what is necessary for the hiring workflow (email, phone, professional profile URLs).
  2. Purpose Limitation – Store extracted fields separately from raw resume text; delete raw text after parsing unless a lawful basis exists for retention.
  3. Transparency – Log the regex version and pattern used for each extraction to enable audit trails.
  4. Security – Apply the same encryption and access controls to parsed contact data as to any personal data.

UK Online Safety Act Implications

The Act requires platforms hosting user‑generated content to prevent the spread of illegal material and to protect users from harm. For hiring tools, this translates to:

  • Ensuring parsed contact data is not used to facilitate harassment or unlawful profiling.
  • Implementing robust validation to store or process contact data originates from a legitimate recruitment purpose, verified via API keys and OAuth scopes.
  • Maintaining records of consent or legitimate interest assessments, demonstrable to regulators.

Sample Regex Library (Python 3.11+)

import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class ContactInfo:
    email: Optional[str] = None
    phone: Optional[str] = None
    linkedin: Optional[str] = None
    github: Optional[str] = None

# Pre‑compiled patterns – versioned for audit
_EMAIL_RE = re.compile(
    r"""(?i)
    \b
    [A-Z0-9._%+-]+          # local part
    @
    (?:[A-Z0-9-]+\.)+       # domain subparts
    [A-Z]{2,}               # TLD
    \b
    """,
    re.VERBOSE,
)

_PHONE_RE = re.compile(
    r"""(?:\+?\d{1,3}[\s-]?)?   # country code
    (?:\(?\d{2,4}\)?[\s-]?)?   # area code
    \d{3,4}[\s-]?\d{3,4}       # subscriber number
    """,
    re.VERBOSE,
)

_LINKEDIN_RE = re.compile(
    r"""(?i)
    https?://
    (?:www\.)?linkedin\.com/
    (?:in|pub)/[A-Za-z0-9_-]+/?  # profile slug
    """,
    re.VERBOSE,
)

_GITHUB_RE = re.compile(
    r"""(?i)
    https?://
    (?:www\.)?github\.com/
    [A-Za-z0-9_-]+/?  # username
    """,
    re.VERBOSE,
)

def extract_contact(text: str) -> ContactInfo:
    """
    Return a ContactInfo instance with the first match for each pattern.
    Returns None for fields not found.
    """
    email = _EMAIL_RE.search(text)
    phone = _PHONE_RE.search(text)
    linkedin = _LINKEDIN_RE.search(text)
    github = _GITHUB_RE.search(text)

    return ContactInfo(
        email=email.group(0) if email else None,
        phone=phone.group(0) if phone else None,
        linkedin=linkedin.group(0) if linkedin else None,
        github=github.group(0) if github else None,
    )

Usage Example

resume = """
Hi, I'm Alex Martinez.
You can reach me at alex.m@example.com or +44 7911 123456.
My LinkedIn: https://www.linkedin.com/in/alexmartinez
GitHub: https://github.com/alexm
"""

contact = extract_contact(resume)
print(contact)
# ContactInfo(email='alex.m@example.com', phone='+44 7911 123456',
#             linkedin='https://www.linkedin.com/in/alexmartinez',
#             github='https://github.com/alexm')

Integration in CVChatly’s AI‑Driven Pipeline

At CVChatly we embed extract_contact as the first stage of our serverless resume‑parsing Lambda (AWS Lambda + API Gateway). The function runs within a VPC‑isolated execution role, writes the ContactInfo DynamoDB item encrypted at rest, and immediately scratches the raw resume text from memory. Audit logs capture the regex version (v2024.09) and a hash of the input, satisfying both GDPR accountability and the UK Online Safety Act’s record‑keeping duty.

Best Practices & Pitfalls

| Practice | Reason | Pitfall to Avoid | |----------|--------|------------------| | Version‑control regex patterns | Enables reproducibility & regulator‑requested audits | Hard‑coding patterns in inline strings without documentation | | Limit captured groups to the exact field | Prevents accidental leakage of surrounding text | Using greedy .* that pulls in unrelated sentences | | Validate after regex (e.g., email syntax with email‑validator) | Catches false positives from noisy layouts | Assuming a match equals a valid contact | | Store only extracted fields; delete source after processing | Implements data minimization | Retaining raw PDFs indefinitely “just in case” | | Log extraction outcomes (success/failure) per request | Supports impact assessments under Art. 30 GDPR | Skipping logs, hindering breach investigations |


Author Bio Maria José González Antelo is a CPO and ICT Project Director with over 20 years of experience leading AI‑powered product strategies and compliance‑first architectures. She specializes in translating complex regulatory requirements into scalable, secure technical solutions for platforms serving millions of users. Connect with her insights at https://www.cvchatly.com.

Pre‑compiled patterns – versioned for audit · CVChatly