Time & Attendance

GPS Geofence Clock-In — How It Works and Why UK SMEs Use It

Buddy-punching costs shift-based employers up to 2.2% of payroll. GPS geofence clock-in solves it at the punch event, not all day. Here's the technical, legal, and procurement playbook for UK SMEs in care, hospitality, warehousing, and agency staffing.

Published 10 June 2026 · 9 min read · Every claim sourced

Buddy-punching is a tax on shift-based payroll

One employee clocks in for another who is still in bed. The paid hour gets paid. Nobody flags it. Over a year, across a workforce of 80 carers, hospitality staff or warehouse operatives, that one habit can quietly skim up to 2.2% of gross annual payroll, the figure the American Payroll Association attaches to buddy-punching in higher-risk businesses. The APA reports that 75% of US employers have it happening to some degree.

The UK has no equivalent headline statistic, but the underlying behaviour is identical. Deputy estimates the average employee inflates working time by roughly 4.5 hours a week, and at £12 an hour across a 100-person operation that translates to thousands per month in unworked-but-paid time. Most UK operators do not lose payroll to dramatic fraud. They lose it to a few minutes here and there, repeated across a roster, that no manual sign-in sheet can catch.

GPS geofence clock-in is the cheapest control that actually closes the gap. It is also the one most often misunderstood, both by employees who fear all-day tracking and by employers who do not realise the ICO has specific rules about how it must be deployed. This guide explains the mechanics, the law, and what to look for before you buy.

What is GPS geofence clock-in?

A geofence is a virtual boundary drawn around a physical location: a care home, a warehouse, a construction site, a hotel kitchen. GPS geofence clock-in is a time-and-attendance method where an employee can only register their start or end of shift if their phone is inside that boundary at the moment they tap the clock-in button. If they are 400 metres down the road, the app refuses the punch and tells them to move closer.

Crucially, modern geofence clock-in does not record the employee's location for the rest of the day. It samples GPS at two moments: clock-in and clock-out. Everything in between is silence. Breathe HR, for example, explicitly states that "the only location that is captured by the geo-tagging system is the clocking-in location. Clocking out and live location of your employees are not recorded." BrightHR's Blip product describes a similar narrow-purpose model.

The point is auditability without surveillance. You can prove a shift was started on site. You cannot, and should not, prove where the employee went for lunch.

How it works technically

Three layers do the work, and SME operators benefit from understanding each.

The browser or app reads GPS. Modern smartphones publish location to apps through the W3C Geolocation API, which returns a latitude/longitude pair and an accuracy value in metres at a 95% confidence level. On a modern handset outdoors with a clear sky view, GPS is typically accurate to around 3 metres. Indoors, or inside a thick-walled care home, accuracy degrades to Wi-Fi assisted positioning (5–15 metres) or, worst case, cell-tower triangulation (hundreds of metres).

The server checks the geofence. Your admin draws a radius around each site — typically the building plus a small buffer for car parks and approaches. Breathe enforces a 50-metre minimum and recommends 80–100 metres in practice to absorb GPS jitter, and most reputable systems land in that range. Set the radius too tight and honest staff will be denied punches at the front door; too loose and the control collapses.

The app handles patchy signal. A care worker pulling up to a rural placement, a warehouse picker in a steel-clad unit, a security officer at a remote depot — none of them have reliable 4G. Good geofence apps cache the punch offline, attach the GPS coordinates captured at the moment of the tap, and sync to the server when the device gets back online. This is not optional. Without it, the system punishes employees for poor infrastructure rather than poor behaviour.

Two other technical points matter for UK operators. Time-zone handling should always store the punch in UTC server-side and render local time in the UI; a system that stores local time will produce a phantom hour every March and a duplicate hour every October. And the server clock, not the phone clock, is the source of truth. If the punch can be back-dated by changing the device's date, the audit is worthless.

What it stops

Geofence clock-in pre-empts four very common problems on a shift-based payroll.

  • Buddy-punching. Your colleague cannot clock you in if your phone is not on site. The control is structural, not behavioural.
  • Falsified start and end times. Employees can no longer round up their own hours when the system stamps the punch with a server timestamp and a verified location.
  • "My timesheet says X but my manager says Y" disputes. A geo-stamped log is harder to argue with. This matters for grievance hearings and for any future employment tribunal where contemporaneous records carry weight.
  • No-show drift in agency staffing. For recruitment agencies, a temp who confirms a shift but doesn't show is direct revenue loss. With geofence clock-in, the agency knows in real time whether the worker is on site, and can re-fill from the bench before the client notices.

The new statutory framework reinforces the value. From October 2026, the Employment Rights Bill is expected to introduce "reasonable notice" rights for shift cancellations and a duty on agencies to compensate workers for late changes. Operators who already have a clean, geo-stamped record of who worked which shift will find compliance trivial. Those still chasing paper timesheets will not.

What it is not

This is the part that wins or loses adoption. Geofence clock-in is not all-day tracking. It is a single GPS sample at clock-in, a single sample at clock-out, and nothing else. The employee does not appear as a moving dot on a manager's screen. There is no breadcrumb trail. There is no record of where they went for lunch, where their child's school is, or whose house they slept at.

Vendors who do not draw this distinction sharply will see usage stall. Vendors who do, often label the feature plainly.

This is also where employer transparency starts to matter for UK data-protection law.

UK data-protection considerations

Location at clock-in is personal data under UK GDPR. Once you collect it, you take on responsibilities. The ICO's final guidance on monitoring workers, published 3 October 2023 and replacing the older Employment Practices Code, is the document that governs what you can and cannot do.

Four points apply directly to a geofence clock-in rollout.

Pick a lawful basis under Article 6. The ICO calls legitimate interest "the most flexible" of the six options for workplace monitoring and treats it as the most appropriate basis for routine time recording. Consent rarely works in an employment context — the power imbalance means freely-given consent is hard to establish — and contractual basis is, in the ICO's words, "hard to envisage" for monitoring. Legitimate interest requires a balancing test: the business need (accurate payroll, dispute prevention, statutory record-keeping) weighed against the employee's reasonable expectation of privacy. For a punch-only geofence with no all-day tracking, that test is straightforward to pass — but you have to actually do it and document it.

Carry out a DPIA. The ICO treats workplace monitoring as processing likely to result in high risk under Article 35, so a Data Protection Impact Assessment is expected before rollout. Even where one is not strictly mandatory, the ICO says it is good practice. The DPIA needs to describe what data is collected, from whom, how often, how long it is kept, and how it is secured.

Be transparent. Workers must be told, in plain language, before monitoring starts: what is collected, why, what the lawful basis is, how long the records are kept, and how they can object. The ICO's position is firm: covert monitoring is "unlikely to be justifiable" outside of suspected criminal activity.

Stay proportionate. The ICO explicitly says you cannot rely on legitimate interest if you can achieve the same result in a less intrusive way. A clock-in geofence is the least intrusive credible control because it captures two points in time rather than a continuous trail. A vendor that ships continuous tracking by default would not pass this test.

What to look for in a vendor — a 5-point checklist

Use these five tests when you compare options. They are deliberately written so the answer is either "yes" or "no".

  1. Does it capture location only at clock-in and clock-out, and is that the default? Anything more continuous is over-collection for a time-recording purpose and creates an ICO problem you do not need.
  2. Can you set the geofence radius site-by-site, with a sensible minimum (50–100 m)? A single radius for every site is a sign the product was built for office workers, not shift workers spread across a region.
  3. Does it work offline and sync later? If staff can fail to clock in because of a 4G blackspot, you will get manual override requests every day and the audit value evaporates.
  4. Are timestamps server-stamped and stored in UTC? Phone-clock timestamps and local-time storage break audit integrity at the daylight-saving boundary.
  5. Does the vendor publish the data flow plainly? You need this for your DPIA and your privacy notice. If the vendor cannot tell you exactly what is captured, when, where it is stored, and for how long, the rollout will stall at the DPO's desk.

A sixth, softer test: does the price scale linearly per employee, or does the vendor lock time-and-attendance behind a separate tier? Some HR suites bundle clock-in for free; some charge extra. WagePerks includes clock-in within the £4.50 per-employee-per-month all-in price, which removes the modular pricing trap.

Three industry pictures

A 40-bed care home in the West Midlands. Adult social care vacancy rates in England sat at 7.0% in 2024/25, with domiciliary care running higher at 9.7%, and managers spend extraordinary time covering gaps (Skills for Care, State of report 2025). A geofence clock-in tied to each home address closes off buddy-punching among the bank staff and, just as importantly, alerts the manager the moment a 7am carer has not arrived — instead of finding out at the morning handover. See /industries/care/.

A 50-pallet distribution unit. Steel-clad warehouses are GPS-hostile. A vendor that does not handle offline punches and Wi-Fi assistance will produce hundreds of false denials a week, and the operations manager will simply switch the geofence off. A vendor that does handle them will catch the early-leave-late-return pattern that quietly inflates timesheets. See /industries/logistics/.

A multi-site pub group. Hospitality has long lived with hour-padding and shift-end ambiguity. Geofence clock-in resolves the "I finished at 11:30" / "the till shows 11:50" arguments before they reach a payroll dispute, and it does so without adding a tracking burden on under-21 staff who are often the most privacy-sensitive cohort. See /industries/hospitality/.

For recruitment agencies, the same mechanism delivers a different outcome: real-time visibility of whether a placed worker has actually arrived. That single piece of information, broadcast to the account manager's screen at 06:55, is often the difference between filling a no-show within 20 minutes and losing the client. See /solutions/recruitment-agencies/.

Closing thought

Geofence clock-in works because it is narrow. Two pings, a radius, an offline cache, a server timestamp. It is not surveillance. It is the cheapest available way to remove an arithmetic error from your monthly payroll run — an error that, on the APA's higher-end numbers, eats up to 2.2% of gross. For a 50-employee SME running on a £1.2m annual wage bill, that is up to £26,400 a year quietly leaking out the door.

Get the law right (Article 6 legitimate interest, DPIA, transparency notice, proportionate radius). Pick a vendor that captures the minimum necessary and works offline. Tell your staff what it does and what it does not do. That is the whole playbook.

See how WagePerks GPS clock-in fits with rota planning, payslips and HR records on the clock-in feature page.

Sources

All sources verified 2026-06-10.

  1. Hubstaff — APA buddy-punching figures — 2.2% of payroll; 75% of US employers
  2. Deputy UK — The true cost of time theft — UK time-inflation estimates
  3. ICO — Monitoring workers guidance — October 2023 final
  4. ICO — DPIA guidance
  5. MDN — Geolocation API accuracy
  6. Skills for Care — State of the adult social care sector 2025
  7. Eversheds Sutherland — Employment Rights Bill, zero/low-hours provisions
  8. BrightHR Blip clocking-in app — punch-only capture
  9. Breathe HR — Geofencing setup — 50 m minimum, clock-in only

See WagePerks in 20 minutes

Eleven modules at £4.50 per employee per month. White-label included. Rolling monthly — cancel any month.

Book a demo

More guides from WagePerks

All guides

Sourced UK SME guides covering pricing, contracts, compliance, and HR essentials.

Browse the library →

Compare 28 platforms

Seven WagePerks-vs-X pages plus 21 head-to-head competitor comparisons. All sourced.

Open the comparison hub →

Savings calculator

ONS-sourced methodology, conservative midpoint £270 per employee per year. Try it on your team.

Run the numbers →