Could Your Candidate Pipeline Soon Be Illegal?
Could Your Candidate Pipeline Soon Be Illegal?

Could Your Candidate Pipeline Soon Be Illegal?

Starting a new recruiting process fresh for every new position is highly inefficient.

That’s why, to streamline recruitment, many companies leverage ‘candidate pipelines’: the process of collecting and maintaining a pool of potential candidates. When a role becomes available, companies can inform (and hire) qualified candidates faster.

Candidate Pipelines and Data Privacy

Candidate pipelines—also known as talent or recruitment pipelines—usually include:

  • Applicants who unsuccessfully applied for other roles within your company
  • Anyone who has expressed an interest in learning about future vacancies
  • Those referred by current employees

Although there are so many benefits of candidate pipelines, could they soon be a threat to your compliance?

Think about all the data your candidate pipeline houses:

  • Date of births
  • Gender information
  • Personal addresses
  • Phone numbers
  • Email addresses
  • And more

With new laws being put in place to protect personal data, it’s possible that your candidate pipeline could soon be illegal.

GDPR is Making its Way Across the Pond

The most important data privacy law to be aware of is the General Data Protection Regulation (GDPR), passed by the European Union in 2018. While GDPR only affects recruitment if a company is hiring employees who currently live in the EU, similar regulations are a hot topic in many American state legislatures—so it’s essential for HR leaders to be aware of what GDPR contains and how it could affect candidate pipelines.

What Does GDPR mean for Recruiters?

The GDPR strengthened and widened previous European data privacy laws, imposing big potential fines for non-compliance: up to 4% of global annual turnover or €20m ($21.7m), depending on which is higher. In 2019, Google was fined around $57 million for failing to disclose how it uses collected data.

Essentially, GDPR limits the data companies can keep without permission, requires companies to inform users about data collection, regulates the use of data and restricts how long data can be kept before it must be deleted.

As for recruiting, GPDR gives job candidates the right to:

  • Notification if (and for how long) their data is kept and why
  • Be told who will have access to their data
  • Be asked consent for data to be stored
  • Ask for access to their information
  • Download their information
  • Correct any incorrect information
  • Restrict how their data is used
  • Request that their data be removed

Click Here To See More On Recruiting Compliance In 2020

woman recruiting candidates into pipeline

How Can A Candidate Pipeline Remain Compliant?

If your company stores the data of candidates who are based in the European Union without their consent, then you are at risk of a big fine. However, it is possible to for candidate pipelines to comply with GDPR, if companies take certain measures:

  1. Companies must ask for consent. This can be done by explicitly asking candidates (by email or as part of the recruitment process) whether they accept that their details will be stored so that they can be considered for future vacancies, job alerts or other forms of communication. If consent is not explicitly given, the candidate’s details must be deleted when the position they applied for is filled.
  2. Companies must disclose exactly what they will do with this information and if any third-parties (e.g. those hired for the purposes of background screening) will be given the data.
  3. Companies must only retain candidate data for as long as is necessary.
  4. Companies must provide, correct or delete the relevant data if requested by the candidate.

State-Level Data Protection Laws

Since GDPR was enacted, US companies have feared similar legislation would soon be enacted at a state-level. And for good reason… In 2019, California and Nevada both passed post-GDPR privacy laws (with New York currently passing more data security laws with the potential of privacy laws being passed soon).

The California Consumer Privacy Act (CCPA)

The most prominent US-based data privacy legislation is the California Consumer Privacy Act (CCPA), applying to companies with at least $25m gross revenue offers similar protections to GDPR but with an emphasis on the right to know what data is used, rather than necessarily requiring consent.

Though effective January 1, 2020, there is a one year moratorium on regulations relating to data stored solely for employment reasons. But that doesn’t mean recruiters are entirely in the clear—you’re still obliged to inform candidates of what data you collect and big fines are still possible in the case of data breaches.

Hope for the Best. Prepare for the Worst.

So, while candidate pipelines are not currently illegal, it’s important to stay up-to-date if you want to avoid blind-side penalties. Now’s the time to ensure that you have consent for any candidate data you currently store and that procedures for collecting consent are integrated into your current recruitment process.

Keep Your Recruiting Compliant

Paycor Recruiting offers streamlined applicant tracking services while preventing compliance headaches. Data protection features include enabling you to capture candidate consent, label candidates who do not wish to be contacted, and easily delete records whenever required. To view our product, take a self-guided tour.

Take Tour

More to Discover

Demotion Letter Template

Demotion Letter Template

There’s nothing better than seeing employees thrive, but setbacks and slips in performance do happen. One way to address performance problems is a demotion. Sometimes, it’s necessary to take a step back before you can take two steps forward. Download Demotion Letter Template When is a Demotion Necessary? In an ideal world, there wouldn’t be demotions. They are a sign something’s wrong: it could be that an employee has failed to respond to a performance improvement plan or they could just be disengaged. A demotion is the last stop before termination. If you believe the person has potential and is worth investing in, then a demotion might be the best way forward. Demotions are risky, though. You could end up with an employee who is even...

Maximum PTO Accrual Letter

Maximum PTO Accrual Letter

Encouraging employees to use their vacation days can feel strange. After all, nobody wants to leave themselves under-staffed and the rest of their team over-worked. On the other hand, what if employees rarely ever, or even never, take time off? That’s been a question facing business owners this year, as vacation plans were delayed, then cancelled, and PTO built up like never before.One problem is, PTO payout laws can turn unused PTO into an unwanted financial liability. There’s also a risk of schedule chaos down the line as everyone tries to use their days up at once. Most worrying of all is that employees who go too long without a break, even by choice, risk ending up disengaged and burned out. Download Sample Maximum PTO Accrual Letter...

How Long to Keep Payroll Records

How Long to Keep Payroll Records

Running a business, you know that compliance isn’t just about being compliant—you also need to prove it. You never know when the IRS, the DOL or the EEOC will demand to see your paperwork, which is why it’s so important to retain payroll records. To make things more complicated, each agency has its own rules for which documents you have to keep and for how long. The good news is, you don’t have to buy more filing cabinets. HR software can automatically store everything you need, with the added benefit of simplifying the whole payroll process. Why You Need to Retain Payroll Records At a federal level, you’re keeping payroll records primarily for three agencies: The IRS The Department of Labor (Wage and Hour Division) The EEOC These...

Webinar: How to Meet 2021 Anti-Harassment Training & Policy Requirements - 1/28 @11AM ET

Webinar: How to Meet 2021 Anti-Harassment Training & Policy Requirements - 1/28 @11AM ET

This session is eligible for 1 HRCI and 1 SHRM credit.2021 has arrived. Have you trained your employees on anti-harassment requirements?Join our webinar for the latest updates on new and pending anti-harassment legislation and learn best practices for meeting (and exceeding) the mandates within your organization.Topics included are: - New training and policy requirements - Pending legislation - Key deadlines and effective dates for 2021 - How you can meet the mandates in 2021 Speaker: Jill AlbrechtJill Albrecht is a labor and employment law attorney, as well as a compliance subject matter expert. She is also a former shareholder at Littler, the world’s largest labor and employment law firm. Jill regularly conducts anti-harassment and...