Hi,

I'm struggling with the GDPR consent process in ZoHo. I've run several test candidates and have either "consented" or "declined" to see what happens from my, and the candidates, point of view.  From the candidate perspective it's clean. It would be nice to be able to edit the message a candidate sees AFTER they choose consent or decline to make it more friendly and add branding but it's ok.

From my company perspective, it leaves us users in a slight predicament. I've spoken to the ICO today and if they were to audit us, they would want to see evidence of "express consent" from the candidate.

From what I can see in ZoHo, there is a confirmation that a candidate consented, under "Compliance Information", including a date and time but no actual evidence that I can show if asked. This is a legal requirement.

Also, there is a slight irony in the good work that has been put into ZoHo in that a declined candidate should really be deleted. If done properly and deleted then the "reactivate" button wouldn't even be there as the candidate should be erased completely and be unavailable to reactivate. I hope that makes sense.

We do need a way to demonstrate the consent we received though.It is critical for audit purposes. As we will need to regularly ask for consent then it would be good to have this function before the end of the first complete quarter after May 25th 2018.