Collect marketing email leads in a GDPR safe way

Online marketing – back to the (email) basics

With all of these constant changes, online marketing has actually gone full circle to its roots back in 1995, where email marketing and newsletters first took off. Sure, in the mid-2000s, there was a massive push to grow your social media presence on Facebook and other social networks. But marketers are turning back to the ol’ reliable email list.

Social networks keep changing their newsfeed algorithms, so it’s more and more difficult to reach an audience. And there you have it – small firms are back to growing their tried and true email marketing lists.
That’s where GDPR comes in – you need to be safe, especially if you combine email marketing with the newest online lead generation tools like quizzes.

Collecting email addresses – do I need to comply with GDPR?

If you hold data about your customers – even something as basic as an email list – you have to comply with GDPR. The same applies if you’re a start-up, a charity or if you’re just doing something for a hobby.
The bottom line? If you have other people’s personal information, you should comply – just to be safe.

But… my business is not even in Europe!
The GDPR applies to any company worldwide that collects data from people in the European Union. For example, if you’re an American company with newsletter subscribers who live in Europe, you will need to comply with GDPR. It also applies if you store data in the European Union.

Safely supercharge your newsletter list with quizzes and leadforms

The good news? Quizzes are a super effective (and transparent) way to get people to opt-in to your email marketing list.
You won’t be surprised to hear this (reading this article on a quiz maker’s blog site after all) – but quizzes are a fantastic way to grow your newsletter subscriber list.
Because whether it’s a pop quiz or a personality test, the user is personally invested in the answers they provide – which translates to excellent response rates. Up to 35-40% of all quiz takers say ‘yes’ to getting more emails from you.

This isn’t being sneaky or brewing up another version of the Facebook and Cambridge Analytica scandal. It is just effective marketing. The key is to use a GDPR-compliant quiz maker like (you guessed it!) Riddle.
Be careful. Some (very famous) quiz maker sites collect personal data from their clients’ sites without permission.

But the bottom line? Riddle doesn’t do that – we only gather specific personal information in quizzes if your quiz taker chooses to fill in an in-quiz lead form.

Steps to be GDPR compliant with your quiz

Step 1: (Very) clear opt-in language:
Looking at the GDPR for small business, you need to ensure that consent is a clear and affirmative opt-in action (Like “Enter your email address for your free ebook and to sign up for our newsletter”).
Tell the user what they get (like an e-book) – in return for signing up.

Step 2: What will you do with each user’s information
You need to make very clear to the user what you intend to do with their email address or information. This is usually done via a link to your privacy policy just below the sign-up box.
Riddle’s quiz maker lets you include a required checkbox for your terms and conditions – so each lead can give clear consent to your use of their quiz and personal data for things like sending out targeted emails based on their quiz responses.

Key issues to avoid

Be clear (very clear!) with your opt-in language. Some sketchy companies try to confuse the user – so users think a no is actually a yes, or vice versa.
An infamous example? “If you do not want to not receive messages from our partners, do not tick the box.” (A head-scratching triple negative!)

Also, pre-ticked or unticked checkboxes are not allowed!
The rule of thumb? The user must make a clear, conscious action to sign up for something, not to avoid receiving something.

Where is your quiz data stored?

A key component of the GDPR has to do with data storage and who has access to your data. With Riddle, the overall data from your quizzes (such as total responses) is stored in your own private webspace on the Riddle site. This in turn is hosted on servers in Germany in a banking-grade data center with backup servers in Luxembourg, so all the data is held in Europe. Most of the data you are collecting through our lead generation forms is also stored in your own private webspace. This storage is GDPR-compliant.

If you decide to include a lead generation form so people can sign up for your newsletter, you’re moving from an anonymous quiz experience towards collecting personal information. And that’s okay – Riddle is built to comply with the GDPR for small business clients.
You can use Riddle’s drag/drop form builder to quickly build an in-quiz lead form, collecting information such as ‘Person A answered questions 1, 2, 3 for Quiz 11343 in this order’. This type of data can safely be stored – either:

  • On the Riddle servers (using our ‘Save to Riddle’ option) in your own private webspace, as Riddle encrypts all personally identifiable information
  • Outside Riddle using any GDPR-compliant tool, including MailChimp, AWeber, ActiveCampaign, Google Sheets or your own data warehouse using our webhook.

More information on GDPR email compliance for small business

We hope you found it useful in navigating the GDPR for small business!

If we can ever answer any questions, please just ask us on our support chat or email (
Our founders will race our entire team to be first to respond – so we’re super quick to reply.

And signing off – here are some good links for additional information:
