Geolocation, GDPR, LOM law, technical inspection. The regulations governing vehicle fleets have never been so extensive. And the risks of non-compliance are very real: financial penalties, employee complaints, CNIL (French Data Protection Authority) audits, tax penalties, or even the inability to renew your fleet within the deadlines imposed by law.
However, the vast majority of fleet managers are still operating in the dark on these issues. Not through negligence, but because the regulations are complex, scattered, and often poorly explained.
This guide is for you. It brings together, in clear and practical language, the essential information you need to know to manage your fleet in full compliance with current fleet regulations.
Geolocation of company vehicles: what the law says
Geolocation is now an essential tool for fleet management. It relies on a device embedded in the vehicle that automatically communicates with cell towers, without driver intervention. The data generated (position, route, driving time, driving behavior) is invaluable for optimizing a vehicle fleet.
But collecting them cannot be done on a whim.
Geolocation, yes. Continuous monitoring, no. The law allows employers to equip their company vehicles with geolocation devices, provided that this use is justified by specific and legitimate objectives. These objectives must be defined, documented, and communicated before deployment.
Authorized uses include, in particular: the security of property and people, the justification of working hours, the monitoring and invoicing of services, and compliance with regulations on hours of service.
On the other hand, Some tools offer automatic and permanent geolocation: this is illegal.Except in cases authorized by regulations, employees can object to this. And a company that does not comply with these rules is liable to prosecution by the CNIL (French Data Protection Authority).
One important point to remember: since the GDPR came into effect on May 25, 2018, registering a company vehicle with geolocation is no longer mandatory with the CNIL (French Data Protection Authority). However, the underlying rules still fully apply.
GDPR and fleet management: essential obligations
Geolocation collects personal data, including the location and movements of an identifiable driver. As such, it falls squarely within the scope of the GDPR. And the resulting obligations for fleet managers are non-negotiable.
Four fundamental principles to respect:
First, the data collected must be clearly identified, its nature listed, and its use strictly limited to the original purposes. You cannot use location data collected for route management for other purposes, such as disciplinary control.
Secondly, access to this data must be restricted to authorized personnel only. The fleet manager, the administrative manager: access must be traceable and limited.
Third, geolocation data can only be stored temporarily, depending on its specific purpose. Furthermore, the employer is required to record the use of this data in its activity processing register.
Fourth, data security must be ensured. This requires appropriate technical and organizational measures.
Two additional obligations not to be ignored:
There DPIA (Data Protection Impact Assessment): Article 35 of the GDPR mandates an impact assessment for any processing likely to generate a high risk to the rights and freedoms of individuals. The CNIL (French Data Protection Authority) provides a free tool for conducting these assessments. For a fleet of vehicles with geolocation tracking, this assessment may be mandatory.
THE Privacy by design Fleet management systems must integrate data protection from the design stage. The objective is clear: no costly corrections should be required afterward.
Providing information to employees is a legal obligation. Before deploying any geolocation tool, the employer must inform employee representatives and each employee individually. This communication must cover: the reasons for the installation, the identity of the data controller, the data retention period, and employees' rights of access and objection. Transparency is not optional; it is a requirement for compliance and a key factor in fostering social acceptance within your teams.
LOM Law: What are the obligations for businesses?
There Mobility Orientation Law (LOM)The law, adopted in 2019 and reinforced by the Climate and Resilience Law of 2021, requires companies to progressively green their fleets. It is one of the most significant fleet regulations of the coming years.
Who is affected? Public and private companies with more than 50 employees and a fleet of more than 100 light vehicles are subject to this requirement.
The thresholds to be respected:
- 10 % low-emission vehicles (LVE) since January 1, 2022
- 20 % since January 1, 2024
- 40 % effective January 1, 2027
- 70 % from January 1, 2030
Low-emission vehicles (LVEs) include electric, plug-in hybrid, and hydrogen vehicles. These thresholds apply to each vehicle renewal, not to the entire fleet at once, but the overall count is based on all acquisitions.
Anticipate, don't react. Companies that haven't planned their transition will find themselves under pressure when lease contracts are up for renewal. The good news: financial assistance is available to facilitate the transition, including a sustainable mobility allowance of up to €400/year for employees, EV charging infrastructure subsidies through the Advenir program (covering up to 50% of charging station installation costs), preferential loans, and depreciation allowances for clean vehicles.
Fleet management software like SoFLEET can help you track the composition of your fleet in real time, anticipate necessary renewals and manage your LOM compliance without having to manually manage complex dashboards.
How to ensure your fleet's compliance
Compliance is not a static state. It is a continuous process that requires methodology, appropriate tools, and rigorous documentation.
Step 1: Define and document your objectives. Before installing any tracking device, clearly identify why you are doing so. These purposes will form the basis of your GDPR compliance and internal communication.
Step 2: Inform and train your teams. Driver acceptance is essential for success. A well-explained geolocation system is more likely to be accepted. An opaque system generates social conflict and exposes the company to legal action. Consider enabling the work/personal mode on your tools: it sends a strong signal of respect for driver privacy and fosters greater buy-in.
Step 3: Choose tools that are compliant by design. Choose solutions that natively integrate GDPR compliance, with the option to disable geolocation, access tracking, and configurable data retention periods. This is the principle of Privacy by Design applied to your fleet.
Step 4: Plan your LOM law renewals. Develop a multi-year renewal plan that incorporates VFE thresholds. Anticipate electric vehicle supply lead times and charging infrastructure needs.
Step 5: Audit your compliance regularly. Regulations are evolving. An annual audit of your processing register, your geolocation practices and the composition of your fleet is a good practice to systematize.
Download our white paper
Managing your fleet: in compliance with regulations
Is the geolocation of an employee legal?
Yes, under certain conditions. An employer can geolocate company vehicles in their fleet if they comply with the legal framework: defined and documented purposes, prior notification of employees and staff representatives, limited data retention period, and guaranteed data security. However, automatic and continuous geolocation (including outside working hours) is not compliant with the law. Employees have the right to object to it in cases not authorized by regulations.
What are the GDPR obligations for a geolocated fleet?
The fleet manager must: identify and document the data collected, restrict access to authorized personnel, limit the retention period to the initial purpose, record the processing in their activity register, and assess the need for a Data Processing Impact Assessment (DPIA). They must also inform each employee concerned before the system is deployed.
Is my company affected by the LOM law?
Yes, if your company (public or private) has more than 50 employees and a fleet of more than 100 light vehicles. In this case, you must include an increasing percentage of low-emission vehicles (LVEs) when renewing your fleet: 20 %s since January 2024, 40 %s in 2027, and 70 %s in 2030.
What is a low-emission vehicle (LVE) as defined by the LOM law?
The LOM law defines low-emission vehicles (LVEs) as battery electric vehicles, plug-in hybrid vehicles, and hydrogen vehicles. These vehicles must represent an increasing share of acquisitions made during fleet renewal, in accordance with the schedule set out in the law.
Fleet management software like SoFLEET centralizes all essential data: location, fuel consumption, driving behavior, vehicle condition, and maintenance schedules. It enables geolocation in compliance with GDPR, notably through a professional/personal mode and the option to disable geolocation, and allows for anticipating LOM law renewals thanks to precise fleet composition tracking.
How can fleet management software help me achieve compliance?