5 steps to create a GDPR-compliant quiz
Creating a GDPR-compliant quiz might sound tricky, but it’s straightforward… if you choose the right quiz maker.
Some quick context: the EU’s GDPR has made user data privacy critical for businesses around the world. Companies face big fines if they collect data illegally.
To help you safely use quizzes for marketing, here are our five secrets to creating a GDPR-compliant quiz.
Why make a GDPR-compliant quiz?
The bottom line? The rules are great for protecting individuals – but they’re a bit tricky for businesses.
The good news?
Riddle offers a fully GDPR-compliant quiz maker, but we leave it up to you – the quiz creator – to decide how to use our GDPR-safe tools. After all, our quiz maker is used all over the world, including places where the privacy laws are more relaxed.
But be careful.
Unless you follow our guidelines, you can still be liable if your quiz may be accessed by EU citizens, no matter where your business is located.
GDPR-compliant content: The Privacy Shield issue
And just to make things even more ‘interesting’ (that’s another word for complicated), the EU recently cancelled the Privacy Shield Agreement with the U.S.
The TL;DR version?
You should not store any personally identifiable information (PII) of EU citizens on servers in the U.S.
This means that when you’re choosing a quiz maker, make sure they are not using a U.S. cloud storage service (like Google or Amazon) – so that all data stays on EU servers.
Okay – but what about Riddle’s quiz maker?
The good news is that we operate our own server infrastructure from a banking-grade, super-secure data center in Frankfurt, Germany – with backup servers located in Luxembourg.
We also don’t believe in adding trackers to your quizzes. So you won’t ever see any cookies or trackers (other than a simple session cookie) added to your Riddle quiz.
That’s critical to allowing you to create a GDPR-compliant quiz on our site.
5 steps towards creating a GDPR-compliant quiz
Follow these steps when creating content on Riddle to keep your content GDPR safe:
1. Choose your media carefully
Do not add any YouTube or Twitter content if you want to stay GDPR-compliant.
Note: We do add customizable ‘opt-in’ consent banners for your audience when they view questions with YouTube or Twitter content.
However, these two services still load cookies and trackers that are at least a bit problematic.
We recommend using our MP4 video feature (hosted on Riddle’s servers) – as part of our Team plan – if you want to use video content.
2. Safely add a lead form
Quizzes are fantastic lead generation tools – but you should be careful in how you collect your quiz takers’ data.
1st: We recommend you turn on the checkbox “Ask for permission to collect quiz responses”.
We added this option so Riddle saves each lead’s quiz data along with your form if the user has given express consent for this. If consent is not given, you will see an “n/a” value in your lead download for the respective entry.
In our experience, the vast majority of quiz takers are fine with this – but they appreciate being asked. One tip: Give a good reason why opting in will help them – such as “Let us see your quiz answers, so we can provide you with a customized report about your quiz results.”
2nd: Make sure to turn on the options “Save lead data with Riddle” and activate “Double-opt-in”.
This provides yet more transparency for your audience.
All your quiz and lead data will be encrypted and stored on Riddle’s EU servers. You can download it in CSV or Excel format and then import into a tool of your choice.
You can also search for leads and permanently delete them – which meets another key GDPR requirement (the “Right to be forgotten”).
Don’t want to use the ‘Save to Riddle’ option? Make sure to pick another save method that is GDPR-compliant.
Most popular e-mail marketing tools are run by U.S.-based companies, which makes them problematic.
One other option: You can also use our webhook to send leads directly to an endpoint of your choice (your in-house CRM system for example) – avoiding the need to store data in the cloud.
(Ask us for details using our support chat bubble at the bottom of this page.)
3. What about using a Facebook pixel?
Okay – first the bad news. We feel that any use of the Facebook Pixel is not GDPR-compliant.
However, if you must use a Facebook pixel with your quiz, we provide you with a safe method to do so.
Go to the ‘Extras’ section of the ‘Publish’ step, then enable the “Display a pixel warning overlay” option.
This will stop the Facebook pixel from loading until the user has given consent. But be sure to adapt the opt-in text according to your local legal requirements.
If GDPR-safe Facebook tracking is extremely important to you, turn on the ‘require opt-in to FB tracking’ option. The quiz won’t function until the user consents to your Facebook Pixel.
4. And social sharing?
Our quizzes feature built-in social sharing, and our social sharing buttons are GDPR-compliant. They do not load any code from the respective social network until the user clicks on them.
However, many share buttons pre-load code from the social networks, which makes them potentially non-compliant from a GDPR perspective.
If you want to be on the safe side, disable all sharing. You can find that option in the ‘Customize’ menu > ‘Social’ section.
5 more reasons Riddle quizzes are GDPR-compliant (by default)
We take our role as a GDPR-compliant quiz maker super seriously. We’ve analyzed every aspect of our quiz creator – from creating content to delivering it to your audience.
Here’s a sampling:
- We serve all Google Fonts directly from our own servers.
- All lead data stored on our servers is encrypted.
- We never add trackers or cookies – other than a necessary session cookie – to the quiz.
- Our servers are in a banking-grade data center in Germany, operated by ourselves with backups in Luxembourg.
- We do not use Cloudflare or any other CDNs operated by U.S. companies. Our CDN is operated and managed by us – and also located in Germany.
Any questions about Riddle’s GDPR-compliant quiz maker?
We know the GDPR and other privacy regulations (like California’s CCPA) can be tricky.
Please ask away if you have any questions about making your own GDPR-compliant quiz – we’re always happy to help.
(The bonus? We’re fast – seriously fast – at responding. Our entire team are averaging 1 minute 47 seconds to reply – and you’ll often catch our founders Boris and Mike online… so ask away!)