DofE Safeguarding and GPS Tracking: Risk Assessment, Remote Supervision and Data Security Explained
Unaccompanied expeditions are one of the most powerful experiences offered through The Duke of Edinburgh’s Award (DofE). They develop resilience, leadership, teamwork and independence.
But they also introduce safeguarding responsibilities that do not disappear simply because supervision is remote.
Increasingly, schools and external providers use GPS tracking systems to support DofE Bronze, Silver and Gold expeditions. However, most risk assessments still focus on a single question:
“What if a participant gets lost?”
From a safeguarding and GDPR perspective, that is no longer the primary risk.
The more significant — and often overlooked — safeguarding risk is this:
What if live tracker data showing the real-time location of minors falls into unauthorised hands?
This article explains what schools, trusts and DofE providers must consider when assessing GPS tracking systems for safeguarding compliance.
DofE Safeguarding Requirements for Unaccompanied Expeditions
DofE Bronze expeditions involve groups of minors:
- Walking independently
- Camping overnight
- Operating under remote supervision
- Often in rural or semi-remote environments
Under OEAP National Guidance on unaccompanied expeditions, leaders remain responsible for supervision at all times.
Unaccompanied does not mean unsupervised.
Remote supervision must be:
- Planned
- Competently managed
- Supported by effective communication
- Risk assessed
Electronic trackers are listed as one method of remote supervision. However, OEAP guidance explicitly warns of safeguarding concerns, including:
“Safeguarding concerns, e.g., if an unauthorised person is able to track a child.” OEAP Good Practive, Group Management and Supervision
This is the risk most schools are not currently assessing properly.
GPS Tracking for DofE Expeditions – What the Risk Assessment Often Misses
When schools include GPS tracking in their DofE risk assessment, they typically assess:
- Device failure
- Battery life
- Signal coverage
- SOS activation procedures
These are operational risks.
But safeguarding risk is different.
If a tracking system uses a shareable hyperlink or open URL to display live expedition data, then anyone in possession of that link may be able to view:
- Real-time group location
- Route history
- Campsite locations
- Movement patterns
- SOS status
In many systems:
- There is no login requirement
- There is no two-factor authentication
- There is no access approval process
- There is no audit trail
- There is no revocation control
- There is no automatic expiry
From a safeguarding governance perspective, this creates a foreseeable risk.
And foreseeable risks must be addressed in a school’s risk assessment.
Are Shareable Tracking Links GDPR Compliant for Schools?
Live GPS tracking data of minors is personal data under UK GDPR.
In certain contexts, it may also qualify as high-risk data because:
- It reveals the real-time location of children
- It reveals overnight accommodation points
- It can expose patterns of movement
- It can reveal vulnerability (e.g., SOS activation)
Under OEAP guidance on using external providers, establishments must ensure that providers have adequate privacy and data protection arrangements. (Source: OEAP Good Practice: 4- External Providers)
Decision makers should be asking:
Where is the data hosted?
- Is it stored in the UK?
- Is it transferred overseas?
- Is it encrypted at rest and in transit?
- Who has database-level access?
- Is the provider ISO27001 certified?
- Are they Cyber Essentials compliant?
- Is there a documented access control policy?
If a system relies on open access links rather than authenticated accounts, the school may struggle to demonstrate GDPR compliance.
Convenience is not a lawful basis for weak access control.
Remote Supervision in DofE – Why Web Apps Create Operational Risk
OEAP guidance on remote supervision requires that leaders must be able to intervene or assist within a reasonable time. (Source: OEAP Good Practice: 4 Group Management and Supervision)
Many GPS tracking systems rely entirely on browser-based web apps.
The safeguarding issue here is not just data security.
It is operational resilience.
- Web apps typically:
- Require a mobile signal
- Cannot fully download maps offline
- Lose functionality in valleys and remote terrain
- Stop updating when connectivity drops
Consider the realistic scenario:
- A DofE group activates an SOS
- The supervising leader drives into a wooded valley
- Mobile signal drops
- The browser session disconnects
- The map disappears
At precisely the moment supervision must be restored, the system fails.
A safeguarding-aligned GPS tracking solution for DofE should:
- Download maps offline
- Retain last known tracker positions
- Allow GPS navigation without a cellular signal
- Continue operating in signal blackspots
Offline capability is not a “nice to have.”
It is a safeguarding control measure.
What Secure GPS Tracking for DofE Should Include
If a school, MAT or expedition provider is using GPS tracking for DofE expeditions, a safeguarding-first system should include:
Access Control
- Individual user accounts
- Role-based permissions
- Explicit invitation and approval
- Two-factor authentication
Revocation Controls
- Immediate manual removal of access
- Automatic expiry after expedition end
- No persistent public URLs
Auditability
- Access logs
- Login history
- Data access traceability
Infrastructure Security
- UK-based hosting
- G-Cloud compliant environment
- ISO27001 certification
- ISO9001 certification
- Cyber Essentials certification
- No unauthorised third-party database access
Operational Resilience
- Fully offline map capability
- Offline GPS navigation
- Retention of tracker data without signal
If these controls are absent, the risk assessment may be incomplete.
Safeguarding Governance and Inspection Readiness
Increasingly, safeguarding is not only about operational safety.
It is about governance.
School leaders should be able to answer:
- How do we control access to live tracking data?
- Who can see it?
- How is access revoked?
- Where is the data stored?
- How do we evidence compliance?
If an incident occurred and location data had been accessed by an unauthorised third party, the school would be expected to demonstrate that reasonable safeguarding controls were in place.
Shareable links without authentication are difficult to defend in that context.
DofE GPS Tracking and the False Sense of Security
OEAP guidance warns that electronic trackers can create a false sense of security. (Source: OEAP Good Practice: 4 Group Management and Supervision)
Unsecured trackers create something worse:
- A false sense of supervision
- A real safeguarding vulnerability
True safeguarding balances independence with controlled oversight.
Participants should still experience autonomy.
But access to their live location data must be tightly controlled.
Questions Every DofE Coordinator Should Ask Their GPS Tracking Provider
If you are responsible for DofE expeditions, ask your provider:
- Does your system rely on shareable links?
- Is login mandatory for all viewers?
- Is two-factor authentication enforced?
- Can access be revoked instantly?
- Is there an audit trail of who accessed data?
- Where is data hosted?
- Is it UK-based?
- Are you ISO27001 certified?
- Does the app function fully offline?
- Can leaders access maps and tracker data with zero signal?
If several answers are unclear, your safeguarding risk assessment may require review.
Conclusion – Secure GPS Tracking Is a Safeguarding Requirement, Not a Feature
DofE expeditions remain one of the most valuable developmental experiences available to young people.
But digital supervision infrastructure must now meet the same safeguarding standards as physical supervision.
GPS tracking systems for DofE should not simply answer:
“Can we see where they are?”
They must also answer:
“Who else can see where they are?”
“How do we control that access?”
“How do we evidence compliance?”
Secure, authenticated, auditable, UK-hosted, offline-capable GPS tracking is not a luxury enhancement.
For schools, MATs and expedition providers, it is a safeguarding control.
And safeguarding controls are not optional.
Ensure Your DofE GPS Tracking Is Safeguarding-Compliant
Schools, MATs and DofE Coordinators have a responsibility to ensure that remote supervision systems meet modern safeguarding and GDPR standards.
MeiliGPS was built specifically to address the risks outlined in this guide:
- Secure, authenticated app access (no open shareable links)
- Two-factor authentication
- Controlled sharing and access revocation
- UK-hosted infrastructure
- ISO-aligned security standards
- Fully offline maps and GPS functionality
If you would like to review your current expedition tracking approach against safeguarding best practice:
Explore Secure GPS Tracking for DofE Expeditions
or
Comments