I've just received an email from a recruitment agency of the next stage of recruitment process asking for a number of documents to be completed etc including a DBS check. They've sent it to 8 other candidates and I can quite clearly see all their email addresses along with mine (I can easily be identified from mine) - surely, this is a GDPR breach?
It is a breach but it is minor so the ICO would not do anything about it. You should report it to the agency so they can kick off their own internal process to find out how it happened and put in place steps to stop it happening again.
Realistically given it has caused you no real harm and you presumably need them help you in the job process I would just send a polite e-mail letting them know.