How to make your device messages GDPR-compliant using plugins?

Using flespi plugins to remove the location data from telemetry messages according to the specified schedule.

GDPR compliance is an area of concern for many businesses across Europe that collect and use personal data in their operations.

One of the aspects of GDPR related to the prohibition to collect employee location data outside business hours. This means that if an employee takes the company car (equipped with a GPS tracker) to drive home after work or to travel to the amusement park with their kids on the weekend, it’s not allowed to record the position of the car.

To avoid fines, companies need to remove location data from all messages before they are saved in their database. Flespi gives a simple and convenient way to accomplish this.

So, the sample requirements are:

  • remove position.latitude, position.longitude, position.altitude, position.direction, and position.speed parameters from device messages

  • beyond 9 am to 6 pm on weekdays and all day on weekends.

This scenario is easily implemented using a plugin of msg-erase type:

create flespi plugin gdpr

You need to specify the parameters you want to remove from the message in the parameters field.

Then you need to compose an expression for the validate_message field that describes the schedule when the plugin should apply. In our case it looks like this:


Learn more about expressions capabilities here.

It’s also important to specify the proper timezone for your location so that the validation expression applies correctly.

Once the plugin is created, assign it to the device that needs to have the position parameters removed:

assign gdpr plugin to device


Now once the working hours are over, you can drive wherever you want and no one will have a chance to find out where you have been;)

gdpr plugin no position data log

See also
Getting plain parameters’ values from array-structured ‘ble.beacons’ parameters