The direct answer (AEO)
GDPR-compliant shift-only GPS tracking limits location collection to periods when employees actively start a work session on the employer app — implementing data minimization (Article 5) and reducing intrusion compared to 24/7 tracking. Employers need lawful basis (often legitimate interest), DPIA for high-risk processing, transparent notice, and access/deletion workflows.
Works councils in DE/NL/FR may require consultation before rollout.
GDPR principles applied to field GPS
| Principle | Shift-only implementation |
|---|---|
| Lawfulness | Document legitimate interest or contract |
| Purpose limitation | Mileage + attendance only |
| Data minimization | No off-duty points |
| Storage limitation | Retention schedule 90d–7y by policy |
| Integrity | Encryption + RLS |
Shift-only vs continuous tracking
Continuous tracking fails proportionality test for most EU field roles unless extreme safety justification (lone worker SOS) with strict safeguards.
DPIA triggers
- Large-scale location monitoring
- Systematic employee evaluation
- Cross-border data transfer
Scootee multi-tenant RLS supports EU data residency discussions in enterprise procurement.
Global legal blog · [Security](/security/)
FAQ
Is GPS employee tracking legal in Germany?
Yes with works council agreement and proportionality — shift-only preferred.
Brexit UK GDPR?
UK GDPR mirrors shift-only best practice.
Employee opt-out?
Cannot opt out of necessary work tracking during paid shift if contract requires; must not track off-duty.
Transfer to US servers?
SCCs or EU hosting required — enterprise contract topic.
GPS for UK field sales?
HMRC mileage + UK GDPR notice required.
