We prepared this guide as a summary of the key areas to focus on if you want to create GDPR-compliant interactive content with Riddle’s quiz maker. In 2025, GDPR-compliance is more important than ever, with TikTok being fined €530 million and Google €200 million – and over €6.7 billion in fines since 2018.
Interactive content like quizzes, polls, personality tests, and mini-games are powerful engagement tools. But they are equally useful for collecting personal data from users for lead generation, contests, leaderboards, and more.
However, collecting personal information (PII) is serious business. To keep your business GDPR-compliant content, it’s crucial to follow the guidelines below.
Adding videos, images, or other content
Adding multimedia, such as videos, makes your online content much more effective. However, there are pitfalls to avoid since many services will collect personal data from your audience.
In particular, you should avoid these three services:
- YouTube
- Vimeo
- X (Twitter)
If you are using these services, it’s crucial ask the user for permission to load the content as these tools will load a cookie.
To make this easy for you, Riddle lets you create and show a permission screen before content from these networks is loaded.
Check out this help article to learn how to use this feature.
Want to use videos in your Riddle?
We recommend uploading MP4 video files, as they will be hosted on our Riddle servers. Riddle will not set any cookies or trackers because we value your and your quiz takers’ privacy, ensuring GDPR compliance in your multimedia content.
(Plus they also look much better – without YouTube, Vimeo, or Twitter adding their own branding and controls to your Riddle.)
Collecting email and personal data
You have to pay special attention when dealing with personal data:
- Please make sure to ask for permission – check out our templates for some sample legal language to remain GDPR compliant.
- Use double opt-in (DOI) either via email or via a one-time code to stay compliant with GDPR.
- Save lead data to Riddle or to an integration like Brevo.com which is also GDPR compliant.
- The “Save to Riddle” option is easy for people who don’t want to send data to another email tool or marketing software.
- Save lead data to your tool.
If you save your lead data using another method, ensure it is GDPR compliant. (Most popular U.S.-based companies are probably problematic). (List of GDPR-compliant tools) - Meta (Facebook) Pixel
Using FB Pixel is controversial in GDPR terms. We recommend against using it.
Riddle defaults that make your interactive content GDPR-compliant
- We serve all Google fonts from our servers, ensuring GDPR compliance by avoiding third-party trackers.
- All lead data stored on our servers is encrypted.
- We never use trackers or cookies for your quiz takers — only completely anonymous local storage for features such as limiting how often someone can take part in a quiz, poll, or other Riddle content.
- You can read our full breakdown around using cookies and local storage for your audience here: https://www.riddle.com/legal/cookies
- Our servers are in a banking-grade data center in Germany, operated by ourselves with backups in Luxembourg, and strictly adhere to GDPR regulations.
- We do not use Cloudflare or any other CDNs operated by U.S. companies. Instead, we manage our Germany-based CDN ourselves, keeping your content GDPR compliant.
Any questions about creating GDPR compliant content?
If you have any questions about using Riddle to collect personal information – for example, for lead generation, quiz contests, or other interactive activations – we’re here to help.
As an EU-based company, we understand the importance of GDPR compliance and data privacy. Our entire team – from founders and product managers to developers – actively supports customers with questions like these. You can reach us via our support chat or by emailing hello@riddle.com. We’re also happy to arrange a support or Teams call to discuss your specific use case in more detail.
Riddle is trusted by some of the world’s leading publishers and brands, including Immediate Media/Burda (case study), 20 Minuten (case study), Club Med (case study), Tate Modern, and many others.
Founded in 2014, Riddle powers 2.8 billion quiz and survey questions every year for publishing partners. We bring deep experience helping organizations harness the power of interactive content while staying fully compliant with GDPR and other privacy regulations.
Frequently Asked Questions (FAQ)
Can I collect personal data through quizzes and polls under GDPR?
Yes – as long as you obtain explicit consent. Always include a clear opt-in form before collecting any personal data such as names or emails. Riddle offers GDPR-friendly lead forms and double opt-in options to make data collection safe and compliant.
How should I handle email collection and lead generation forms in quizzes?
Always use explicit consent and double opt-in (DOI). You can save leads securely in Riddle or send them to GDPR-compliant email tools like Brevo. Avoid U.S.-based platforms unless you have additional safeguards in place, as many don’t fully meet EU privacy standards.
What makes Riddle’s quiz maker GDPR-compliant by default?
Riddle is EU-owned and operated, with all data stored on encrypted servers in Germany and backups in Luxembourg. The platform doesn’t use cookies, trackers, or U.S.-based CDNs, and even serves Google Fonts locally — all to ensure full GDPR compliance by design.
How can I make sure consent screens are GDPR-compliant?
You should always ask for permission before loading external media or cookies. Riddle provides built-in consent screens that let users choose whether to load third-party content. This helps you stay transparent, gain proper consent, and maintain GDPR compliance.
Why is GDPR compliance so important for interactive content in 2025?
With over €6.7 billion in GDPR fines since 2018, compliance is more critical than ever. Interactive content often collects user data, so following GDPR ensures you avoid fines and build audience trust. Platforms like Riddle are fully EU-based, helping you stay compliant automatically.
