How to create a GDPR-safe quiz

Of course, you want to create a quiz to power your marketing funnel. But keep in mind that you have to comply with the EU’s GDPR.
In this guide, we summarize what to pay attention to if you want to create a GDPR-safe quiz with Riddle.
(We have already outlined why the GDPR needs to be considered and how Riddle is GDPR compliant in another blog post.)

How to create GDPR-safe online quizzes

Take care when adding videos, images, or other content

Adding multimedia, such as videos, makes your online quiz much more effective. However, there are pitfalls to avoid.
You should avoid these three services: YouTube, Vimeo, and Twitter.

Now, being transparent, we do support these tools on Riddle. However, we give you a great deal of control over how users can opt out if they do not want to be tracked.
However, be warned – Twitter and YouTube are a bit sneaky. Even if users opt out of their standard tracking, these services still load cookies and trackers that are at least debatable.

Want to use videos in quizzes while being completely GDPR-safe? We let you easily upload your own MP4 video files – they’ll be hosted on our Riddle servers, with absolutely zero dodgy tracking.

Collecting emails and personal data (lead generation)

Most online quiz maker tools include a way to collect quiz takers’ email and other personal information. Make sure each quiz creator manages all of this personal data safely! Some things to watch out for:

  • Do they ever store each lead and other info on their servers?
  • Many will let you send data to popular marketing software like MailChimp, ActiveCampaign, and more – but also keep a copy of the data on their servers.
  • If so, you will need to alert your users that their data will also be stored by your quiz maker.

Why is Riddle’s online quiz builder different?

We’ve set up our software and data architecture so that your users’ data is never stored on our servers. Instead, it is passed directly to your favorite marketing software or CRM tool. That’s one less thing you need to worry about with your data privacy folks.

Things to consider

Ask for permission to store data and use DOI

By default, we (and most quiz maker companies) collect quiz responses along with the lead form. As an extra level of GDPR flexibility, we let you turn this on or off using the “Ask for permission to collect quiz responses” feature.
If this option is activated, Riddle will only save the quiz data along with the form data if the user has given express consent for this. If consent is not given, you will see an “n/a” value in your lead download for the respective entry.
Sure, this will make the leads you collect less valuable, but if you come up with a good reason why the user should consent, you should be OK.
A good reason may be “Allow us to see your quiz answers, so we can provide you with a customized report about your quiz results” for example.
Also, make sure to turn on the options “Save lead data with Riddle” and “Double-opt-in”.

Save lead data to Riddle

The ‘Save to Riddle’ option obviously means your users’ data is stored on Riddle servers. This is the one time we do this – it’s designed to be an easy option for people who don’t want to send data to another email tool or marketing software.

If you choose not to save lead data on the Riddle servers, make sure to pick another save method that is GDPR-safe. Most popular e-mail marketing tools are run by U.S.-based companies and are probably problematic. When you store your lead data on our servers, we encrypt that data, and only you can access it in your private space on our servers. From there, you can download it in CSV or Excel format and import it into a tool of your choice.
When storing leads with us, we also give you the ability to search for leads and permanently delete them – another key GDPR requirement (the right to be forgotten). You can also use our webhook to send leads to an endpoint of your choice (your in-house CRM system for example).

Facebook Pixel

Using the Facebook Pixel is controversial in GDPR terms. We’d advise against using it.
However, if you must use a Facebook Pixel with your quiz, we provide you with a safe method to do so. On the publish step of your Riddle quiz, navigate to the ‘Extras’ section and enable the “Display a pixel warning overlay” option. This will stop the Facebook Pixel from loading until the user has given their consent. Make sure to adapt the opt-in text according to your local legal requirements around the GDPR.

If Facebook tracking is extremely important to you, you can also enable the option to not allow the user to even start the quiz without giving consent to your Facebook Pixel.

Social sharing

Check whether the social sharing buttons of your online quiz maker pre-load code from each network. Pre-loaded code facilitates tracking by these U.S. companies, even if users don’t click on the share message.
Our social sharing buttons are GDPR-safe as they do not load any code from the respective social network until the user clicks on them.
Many share buttons pre-load code from the social networks, which makes them unsuitable.

Riddle defaults that make your quiz GDPR safe

  • We serve all Google fonts from our own servers.
  • All lead data stored on our servers is encrypted.
  • We never add trackers or cookies – other than a necessary session cookie – to the quiz.
  • Our servers are in a banking-grade data center in Germany, operated by ourselves, with backups in Luxembourg.
  • We do not use Cloudflare or any other CDNs operated by U.S. companies. Our CDN is operated and managed by us and also located in Germany.

Any questions about the GDPR and creating a quiz?

Whew! Hope this overview helped you navigate how to create a quiz while staying GDPR-compliant.
If you have any questions, just ask us on support chat or write to hello@riddle.com – we’re always happy to help out.

If you want to create a GDPR-safe quiz, you now know what to consider and where you have to pay attention. If you want to test it out, you can create a quiz with Riddle in under 5 minutes!
