Could Your Candidate Pipeline Soon Be Illegal?

Starting a new recruiting process fresh for every new position is highly inefficient.

That’s why, to streamline recruitment, many companies leverage ‘candidate pipelines’: the process of collecting and maintaining a pool of potential candidates. When a role becomes available, companies can inform (and hire) qualified candidates faster.

Candidate Pipelines and Data Privacy

Candidate pipelines—also known as talent or recruitment pipelines—usually include:

  • Applicants who unsuccessfully applied for other roles within your company
  • Anyone who has expressed an interest in learning about future vacancies
  • Those referred by current employees

Although candidate pipelines offer many benefits, could they soon be a threat to your compliance?

Think about all the data your candidate pipeline houses:

  • Dates of birth
  • Gender information
  • Personal addresses
  • Phone numbers
  • Email addresses
  • And more

With new laws being put in place to protect personal data, it’s possible that your candidate pipeline could soon be illegal.

GDPR is Making its Way Across the Pond

The most important data privacy law to be aware of is the General Data Protection Regulation (GDPR), passed by the European Union in 2018. While GDPR only affects recruitment if a company is hiring employees who currently live in the EU, similar regulations are a hot topic in many American state legislatures—so it’s essential for HR leaders to be aware of what GDPR contains and how it could affect candidate pipelines.

What Does GDPR mean for Recruiters?

The GDPR strengthened and widened previous European data privacy laws, imposing big potential fines for non-compliance: up to 4% of global annual turnover or €20m ($21.7m), whichever is higher. In 2019, Google was fined around $57 million for failing to disclose how it uses collected data.

Essentially, GDPR limits the data companies can keep without permission, requires companies to inform users about data collection, regulates the use of data and restricts how long data can be kept before it must be deleted.

As for recruiting, GDPR gives job candidates the right to:

  • Be notified if (and for how long) their data is kept and why
  • Be told who will have access to their data
  • Be asked for consent for their data to be stored
  • Ask for access to their information
  • Download their information
  • Correct any incorrect information
  • Restrict how their data is used
  • Request that their data be removed

How Can A Candidate Pipeline Remain Compliant?

If your company stores the data of candidates who are based in the European Union without their consent, then you are at risk of a big fine. However, it is possible for candidate pipelines to comply with GDPR, if companies take certain measures:

  1. Companies must ask for consent. This can be done by explicitly asking candidates (by email or as part of the recruitment process) whether they accept that their details will be stored so that they can be considered for future vacancies, job alerts or other forms of communication. If consent is not explicitly given, the candidate’s details must be deleted when the position they applied for is filled.
  2. Companies must disclose exactly what they will do with this information and whether any third parties (e.g. those hired for the purposes of background screening) will be given the data.
  3. Companies must only retain candidate data for as long as is necessary.
  4. Companies must provide, correct or delete the relevant data if requested by the candidate.

State-Level Data Protection Laws

Since GDPR was enacted, US companies have feared similar legislation would soon be enacted at the state level. And for good reason… In 2019, California and Nevada both passed post-GDPR privacy laws (with New York currently passing more data security laws with the potential of privacy laws being passed soon).

The California Consumer Privacy Act (CCPA)

The most prominent US-based data privacy legislation is the California Consumer Privacy Act (CCPA). Applying to companies with at least $25m in gross revenue, it offers similar protections to GDPR but with an emphasis on the right to know what data is used, rather than necessarily requiring consent.

Though the CCPA is effective January 1, 2020, there is a one-year moratorium on regulations relating to data stored solely for employment reasons. But that doesn’t mean recruiters are entirely in the clear—you’re still obliged to inform candidates of what data you collect, and big fines are still possible in the case of data breaches.

Hope for the Best. Prepare for the Worst.

So, while candidate pipelines are not currently illegal, it’s important to stay up-to-date if you want to avoid blind-side penalties. Now’s the time to ensure that you have consent for any candidate data you currently store and that procedures for collecting consent are integrated into your current recruitment process.

Keep Your Recruiting Compliant

Paycor Recruiting offers streamlined applicant tracking services while preventing compliance headaches. Data protection features include enabling you to capture candidate consent, label candidates who do not wish to be contacted, and easily delete records whenever required. To view our product, take a self-guided tour.
