Checklist: Is your quiz maker GDPR compliant?

Quizzes are powerful marketing tools for zero-party data collection. Done well, you can easily qualify leads and potential customers through emails and quiz responses.

However, the EU’s GDPR is here to stay. We created this GDPR quiz maker checklist to help you make sure you and your online quiz maker are compliant.

What is GDPR?

GDPR violation fines can be very high

Adopted in May 2020, GDPR was a major revolution in privacy and data protection regulations. Any site that collects personal information (name, email, even IP addresses) from EU visitors faces huge fines of up to 20 million euros ($23,000,000) – whether based in the EU or not.

Online quizzes are especially high-risk. They are proven winners at engaging site visitors – especially to collect emails and qualify potential customers. But collecting emails and personal data means you need to stay compliant with the latest data privacy rules.

Read on to explore our GDPR quiz maker checklist below. It covers key questions every website should ask their online quiz maker to make sure they comply with the GDPR. From servers to opt-ins and data protection, we cover the 17 factors you should look at to make sure your quiz maker is safe.

GDPR also inspired other privacy regulations around the world – including Canada’s PIPEDA, California’s CCPA, China’s PIPL, and many others.

The most common data privacy regulations

The good news is that these countries use GDPR as a model. By complying with GDPR, you should then automatically comply with these other regulations as well.

But, as with all things privacy-related, we encourage you to talk to your data protection officer or your legal team.

17-point GDPR checklist for quiz makers

Key steps to comply with GDPR:

  • Assign a designated data protection officer (DPO)
  • Use GDPR-compliant vendors and sub-contractors
  • Encrypt all personal data you collect and store
  • Store data ONLY in the EU

Quiz makers and GDPR – what to look out for

  • Does your quiz maker fully comply with GDPR?
    • You should screen them thoroughly. Most quiz makers claim they are GDPR compliant, but they are not.
    • For example, we reviewed one popular quiz maker and discovered they a) sent personal data to the USA, and b) added 60+ cookies and trackers to any content created with their tool.
  • Is there a clear opt-out process if you don’t want the quiz maker to collect data?
  • Does all personal data collected by your quiz maker have to stay in the EU?
  • Can you sign a data protection agreement (DPA) with the quiz provider (you can check out Riddle’s DPA here)?

Your responsibilities as a business owner

  • If a user asks, you must erase their data without ‘undue delay’ (generally in under a month).
  • You must promptly respond to inquiries from EU users about using their data.
  • You must report data breaches in under 72 hours.

Riddle is a 100% GDPR-compliant quiz maker

GDPR represents a fundamental reimagining of consumer privacy. It gives EU citizens significant control over their personal data, with the threat of significant financial penalties for companies that do not comply (including 2023 fines of 1.2 billion euros for Meta and 345 million euros for TikTok).

If you plan to use quizzes to engage your audience and collect zero-party data with your marketing, here are five reasons to trust Riddle.com:

  • Riddle.com’s servers are all based in the EU (Germany and Luxembourg).
  • We do not use any external non-European cloud storage or software, so no personal data is ever sent outside the EU.
    • This passion for privacy extends to all of our tools – we even built our own internal billing software to avoid needing a cloud-based option.
  • We do not use Google Analytics or any other external tracking service in the Riddle embed code that we provide you with to run Riddles on your website.
  • By default, we do not track an individual’s data, only the anonymous, aggregated metrics (e.g. 732 people took the quiz. 251 answered question 1 as ‘A’, 158 as ‘B’, etc.).
  • Riddle.com does not drop cookies, collect IP addresses, or otherwise gather personal data from our quizzes or other content.
  • You decide if you want to collect your users’ responses, as well as name, email, and other personal information.
    • This data can be sent directly to your marketing software, without being stored on Riddle.com’s servers.
    • If you decide to also save this data on Riddle.com’s servers, it is double-encrypted so that only you can see it. No one from Riddle.com can view or access that data.

Take our GDPR quiz

There’s a great deal to see and remember about GDPR. We created this quick quiz to test your understanding of the key concepts – so you can feel more confident about using a quiz maker to engage and collect zero-party data from your audience.

If you have any further questions about using a quiz maker under GDPR, ask us!

We hope you find this checklist useful. There is a lot to consider when choosing an online quiz maker, from features and formats to ensuring it complies with the latest data protection laws and regulations.


Disclaimer: The information provided in this article is for general informational purposes only and does not constitute legal advice. While we have extensive experience assisting leading publishers, brands, and sports organizations with their quiz marketing since 2014, we are not licensed attorneys. For advice regarding your specific legal situation, please consult with a qualified legal professional.
