GPS Tracking and GDPR: A Compliance Guide for UK Fleet Managers

GPS tracking your fleet is completely legal in the UK — but it must be done correctly. The UK GDPR and Data Protection Act 2018 set clear rules about how you collect, use, and store location data from your employees' vehicles. This guide explains exactly what fleet managers need to do to stay compliant, avoid ICO enforcement, and maintain driver trust.

Is It Legal to Track Employees' Vehicles?

Yes — tracking vehicles that employees use for work is lawful under UK GDPR, provided you meet its requirements. Vehicle tracking in a business context typically relies on "legitimate interests" as the legal basis under Article 6(1)(f). This means you do not need individual employee consent to track company vehicles. However, you must be transparent: tell employees that tracking is in place, why, what data is collected, and how long it is retained.

What You Must Tell Drivers Before You Track Them

UK GDPR's transparency requirements mean you must provide employees with a privacy notice before tracking begins. This should state that vehicle tracking is in place, describe what data is collected (GPS position, speed, journey history, idle time), explain the purposes — route efficiency, driver safety, fleet security, compliance — confirm the legal basis for processing, name any third parties who will access the data such as your telematics software provider, and state how long the data is kept.

Tracking Outside Working Hours

Tracking employees outside working hours — evenings, weekends, and annual leave — is a grey area requiring careful handling. If employees take company vehicles home, tracking can continue provided your privacy notice covers it. However, recording personal journeys to the same degree as work journeys is harder to justify legally. Best practice is to use driver identification keypads on your GPS trackers: when a driver does not log in, the tracker still records vehicle movement but does not attribute it to a named individual, reducing personal data processing while retaining security data.

How Long Can You Keep GPS Tracking Data?

The UK GDPR's storage limitation principle requires personal data to be kept only as long as necessary for its original purpose. For fleet tracking, a common approach is to retain detailed journey data for 30–90 days and summary data — monthly mileage totals, incident records — for longer. Incidents involving insurance claims or legal proceedings may require extended retention. Review your telematics platform's default data retention settings and align them with a written data retention policy.

Do You Need Employee Consent?

You do not need employee consent to track company vehicles in most fleet contexts. Relying on consent creates operational problems: employees can withdraw consent at any time, making your tracking programme unreliable. Instead, rely on legitimate interests — or legal obligation where applicable — as your processing basis. Document a legitimate interests assessment and keep it on file in case the ICO requests it.

Tracking Hardware and GDPR-Compliant Fleet Tracking

Teltonika and Queclink devices from Tracking Hardware collect and transmit only the data your telematics platform requests. Most leading UK telematics platforms provide configurable data retention settings and operate under ISO 27001 certified data handling. If you need advice on selecting the right hardware for a GDPR-compliant fleet tracking deployment, contact our team.

All Teltonika and Queclink devices we supply are fully unlocked — not tied to any specific telematics platform or fleet management software. You are free to use them with any compatible platform.

Further Reading

If you found this article useful, these related guides may also help: What Is a Driver Identification Keypad? — Driver ID Keypads: How They Improve Fleet Compliance — How to Choose a Vehicle Tracker Supplier in the UK.