Product Pricing Guides Templates Contact

GPS and geofenced clock-in explained

Updated 6 July 2026

A GPS time clock records an employee's location at the moment they clock in or out; a geofenced time clock goes one step further and only allows clocking in within a defined radius of the workplace. Used proportionately, both are lawful in the UK and solve real problems: confirming that mobile and multi-site staff are where the work is, and keeping timesheets honest without a manager standing at the door. The key legal and cultural line is capturing location at clock events only, with clear communication, rather than tracking people continuously.

What the terms actually mean

The terminology gets muddled in sales material, so here are the distinctions that matter:

  • GPS-stamped clock-in: when a worker taps clock in on their phone, the app records a single location alongside the timestamp. Nothing is recorded between clock events. This is the most common and least intrusive form.
  • Geofencing: a virtual boundary, typically a radius of 50 to 300 metres around a site. The app checks the worker is inside the fence before accepting the clock-in, or flags clock-ins from outside it for a manager to review. Again, location is checked at the clock event, not monitored continuously.
  • Continuous or live tracking: the device reports location throughout the shift. This is a different category of processing with much higher privacy impact, and most businesses that think they need it actually need one of the first two. This guide is about the first two.

In a product like Team Pilot, a manager typically draws the geofence on a map per site, chooses whether out-of-fence clock-ins are blocked or merely flagged, and the timesheet shows a small location confirmation against each entry.

The problems location-verified clock-in solves

Be honest about the problem you are solving, because it determines whether the tool is proportionate:

  • Multi-site and field teams: cleaners, security officers, care workers, engineers and event staff clock in at places the manager cannot see. A location stamp confirms attendance at the right site without phone calls.
  • Time theft at the edges: clocking in from the bus ten minutes before arriving, or from home. A geofence removes the temptation quietly and equally for everyone.
  • Client billing evidence: for contracted services billed by attended hours, a location-stamped timesheet is documentation you can stand behind with a client.
  • Lone worker awareness: knowing that someone clocked in at a remote site, and clocked out again, has a safety value, though it is not a substitute for a proper lone-worker system.

If your whole team works one site with a manager present, location adds little. That is the situation where a kiosk, covered below, is usually the better answer.

UK GDPR: doing it lawfully

Location linked to an identifiable worker is personal data, so UK GDPR and the Data Protection Act 2018 apply, and the ICO has specific guidance on monitoring workers. The requirements are entirely manageable if you take them in order.

1. Define the purpose. Write down exactly why you are collecting location, for example "to verify attendance at assigned work sites for accurate pay and client billing". You may only use the data for compatible purposes afterwards; quietly repurposing clock-in locations to investigate something unrelated undermines your lawful basis.

2. Choose the lawful basis, and it is usually not consent. Because of the imbalance of power in employment, employee consent is rarely considered freely given, so consent is a weak basis. Most employers rely on legitimate interests, which requires a documented three-part test: identify the interest, show the processing is necessary for it, and balance it against workers' rights and expectations. Clock-event-only capture with a defined purpose usually passes this test; continuous tracking often does not.

3. Do a DPIA if required, and it is good practice anyway. A Data Protection Impact Assessment is legally required where processing is likely to result in high risk, which the ICO indicates can include systematic monitoring of workers and tracking location. A DPIA for a geofenced time clock is typically a few pages: what is collected, why, alternatives considered, risks and mitigations. Doing it also forces the proportionality thinking that keeps you out of trouble.

4. Tell people properly. Transparency is not optional. Before rollout, update your privacy notice and explain in plain language: what is captured (location at clock events only), what is not (no tracking between events, nothing outside work), who can see it, how long it is kept, and how to raise concerns. Covert monitoring is lawful only in genuinely exceptional circumstances and is not what a time clock is for.

5. Minimise and limit retention. Collect the least you need: a single coordinate or a simple inside-the-fence flag at clock events. Set a retention period aligned to your pay records practice and delete on schedule. If an inside/outside flag would serve your purpose, consider whether you need to store precise coordinates at all.

6. Respect data rights. Workers can make subject access requests covering their location data, so choose a system that can export it sensibly.

Proportionality: the practical test

A useful rule of thumb: the intrusion should scale with the problem, and you should use the least intrusive option that solves it.

Situation Proportionate choice
Single site, manager usually present Kiosk clock-in, no location needed
Single site, no manager at opening Kiosk, or mobile clock-in with geofence
Multi-site or client-site teams Mobile clock-in with GPS stamp or geofence
Billing disputes or attendance fraud at specific sites Geofence with flagged exceptions, reviewed by a manager
"I want to see where everyone is all day" Stop, this is continuous tracking; revisit the actual problem

Configuration choices also affect proportionality. Flagging out-of-fence clock-ins for review is gentler than hard-blocking them, and it handles legitimate edge cases such as GPS drift, large sites and car-park clock-ins without leaving anyone unpaid or locked out.

The kiosk alternative

A kiosk is a shared tablet mounted at the site where staff clock in with a PIN, and often a quick photo to deter buddy punching. It deserves more attention than it gets, because it solves the attendance-verification problem through physical presence rather than personal data:

  • No location data is processed at all, since being at the kiosk is the proof of presence, which simplifies the GDPR analysis considerably (photo capture still involves personal data and should be covered in your notice; treat any biometric verification, such as facial recognition templates, as special category data requiring much stronger justification).
  • No dependence on personal phones, which matters for staff without smartphones, sites where phones are banned, or teams uncomfortable installing a work app.
  • One-off hardware cost, typically a cheap Android tablet in a mount.

Its limits are the mirror image: it only works where there is a fixed site with power and connectivity, and it does nothing for field teams. Many businesses run both: kiosks at fixed sites, geofenced mobile clock-in for mobile roles. Team Pilot and comparable platforms treat these as interchangeable capture methods feeding the same timesheet, so mixed teams do not need mixed processes.

Rolling it out without a backlash

Location features fail culturally before they fail technically. A rollout that works looks like this:

  • Write down the purpose and complete the legitimate interests assessment and DPIA
  • Configure minimally: clock-event capture only, sensible fence sizes, flag rather than block at first
  • Update the privacy notice and any monitoring policy
  • Brief the team before switch-on, covering exactly what is and is not collected, and take questions
  • Run two weeks in flag-only mode and review the exceptions with fresh eyes
  • Adjust fences for reality (car parks, large sites, poor GPS spots), then enforce
  • Diarise a six-month review of whether the setting is still proportionate

The single most persuasive message to staff is the truthful one: this protects accurate pay and stops the minority who clock in from the bus, and the app cannot see anyone between clock events or off shift.

Frequently asked questions

Is GPS clock-in legal in the UK?

Yes, provided you comply with UK GDPR: a defined purpose, a valid lawful basis (usually legitimate interests, properly assessed), transparency with workers, data minimisation and sensible retention. Location captured only at clock-in and clock-out, clearly communicated, is a widely used and defensible setup.

Can my employer track my phone outside working hours?

A properly configured time clock app cannot and does not. It records location only at the moment you clock in or out, and nothing when you are off shift. Continuous tracking of a personal phone outside work would be very difficult to justify under UK GDPR, and reputable workforce apps do not offer it.

What if an employee refuses to use their personal phone?

You generally cannot force use of a personal device without contractual backing, and pushing the point is rarely worth it. Offer an alternative: a site kiosk, a shared device, or a manager-confirmed clock-in. Having a stated alternative also strengthens your GDPR position, because it shows the scheme is proportionate rather than coercive.

How big should a geofence be?

Big enough to cover the real workplace including entrances and staff parking, small enough to be meaningful; 100 to 250 metres suits most sites. Start generous in flag-only mode, look at two weeks of real clock-in locations, then tighten to fit. A fence that regularly rejects legitimate clock-ins will destroy trust in the whole system.

More like this

Small team? It's free. Properly free.

Up to 10 people at one location, with rotas, time clock, timesheets, tasks and chat included. No time limit, no card, and no nagging to upgrade until you actually grow.

Start free

See it with your own team

Set up takes minutes: add your people, build a week and publish. Free for 14 days on every paid plan, free forever for small teams.

No credit card required.