Could Your Candidate Pipeline Soon Be Illegal?

Starting a new recruiting process fresh for every new position is highly inefficient.

That’s why, to streamline recruitment, many companies leverage ‘candidate pipelines’: the process of collecting and maintaining a pool of potential candidates. When a role becomes available, companies can inform (and hire) qualified candidates faster.

Candidate Pipelines and Data Privacy

Candidate pipelines—also known as talent or recruitment pipelines—usually include:

  • Applicants who unsuccessfully applied for other roles within your company
  • Anyone who has expressed an interest in learning about future vacancies
  • Those referred by current employees

Although candidate pipelines offer many benefits, could they soon be a threat to your compliance?

Think about all the data your candidate pipeline houses:

  • Dates of birth
  • Gender information
  • Personal addresses
  • Phone numbers
  • Email addresses
  • And more

With new laws being put in place to protect personal data, it’s possible that your candidate pipeline could soon be illegal.

GDPR is Making its Way Across the Pond

The most important data privacy law to be aware of is the General Data Protection Regulation (GDPR), passed by the European Union in 2018. While GDPR only affects recruitment if a company is hiring employees who currently live in the EU, similar regulations are a hot topic in many American state legislatures—so it’s essential for HR leaders to be aware of what GDPR contains and how it could affect candidate pipelines.

What Does GDPR mean for Recruiters?

The GDPR strengthened and widened previous European data privacy laws, imposing big potential fines for non-compliance: up to 4% of global annual turnover or €20m ($21.7m), whichever is higher. In 2019, Google was fined around $57 million for failing to disclose how it uses collected data.

Essentially, GDPR limits the data companies can keep without permission, requires companies to inform users about data collection, regulates the use of data and restricts how long data can be kept before it must be deleted.

As for recruiting, GDPR gives job candidates the right to:

  • Be notified if (and for how long) their data is kept and why
  • Be told who will have access to their data
  • Be asked consent for data to be stored
  • Ask for access to their information
  • Download their information
  • Correct any incorrect information
  • Restrict how their data is used
  • Request that their data be removed

How Can A Candidate Pipeline Remain Compliant?

If your company stores the data of candidates who are based in the European Union without their consent, then you are at risk of a big fine. However, it is possible for candidate pipelines to comply with GDPR if companies take certain measures:

  1. Companies must ask for consent. This can be done by explicitly asking candidates (by email or as part of the recruitment process) whether they accept that their details will be stored so that they can be considered for future vacancies, job alerts or other forms of communication. If consent is not explicitly given, the candidate’s details must be deleted when the position they applied for is filled.
  2. Companies must disclose exactly what they will do with this information and whether any third parties (e.g. those hired for the purposes of background screening) will be given the data.
  3. Companies must only retain candidate data for as long as is necessary.
  4. Companies must provide, correct or delete the relevant data if requested by the candidate.

State-Level Data Protection Laws

Since GDPR was enacted, US companies have feared that similar legislation would soon follow at the state level. And for good reason: in 2019, California and Nevada both passed post-GDPR privacy laws, and New York is currently passing more data security laws, with the potential of privacy laws being passed soon.

The California Consumer Privacy Act (CCPA)

The most prominent US-based data privacy legislation is the California Consumer Privacy Act (CCPA). Applying to companies with at least $25m gross revenue, it offers similar protections to GDPR but with an emphasis on the right to know what data is used, rather than necessarily requiring consent.

Though the CCPA is effective January 1, 2020, there is a one-year moratorium on regulations relating to data stored solely for employment reasons. But that doesn’t mean recruiters are entirely in the clear: you’re still obliged to inform candidates of what data you collect, and big fines are still possible in the case of data breaches.

Hope for the Best. Prepare for the Worst.

So, while candidate pipelines are not currently illegal, it’s important to stay up-to-date if you want to avoid blind-side penalties. Now’s the time to ensure that you have consent for any candidate data you currently store and that procedures for collecting consent are integrated into your current recruitment process.

Keep Your Recruiting Compliant

Paycor Recruiting offers streamlined applicant tracking services while preventing compliance headaches. Data protection features include enabling you to capture candidate consent, label candidates who do not wish to be contacted, and easily delete records whenever required. To view our product, take a self-guided tour.
