What your DPO will ask about people counting
Visitor measurement rightly triggers data protection questions. These are the ones a DPO or compliance team typically asks, and where the written answers live. Orientation, not legal advice.
Why visitor measurement lands on the DPO’s desk
Counting visitors means measuring people in a physical space, and most ways of doing it touch something that could be personal: signals from a phone, or images at a door. A DPO or compliance team is right to slow the project down and ask what is collected, what is kept, and whether anyone could ever be picked out of the data. This page collects the questions that typically come up when a DPIA, a data protection impact assessment, turns to visitor measurement, and points to where the written answers live. It is orientation, not legal advice, and it does not replace your organisation’s own assessment.
The questions to expect
A DPIA works through a predictable set: what is collected, whether anything is asked of visitors, what is kept, whether anyone can be picked out of the data, whether cameras store images, and where the numbers go. Rather than restate them here, the answers are set out point by point under what compliance teams ask us; this page is about the assessment that sits around them, not a second copy of the same answers.
Statistics, never records of people
A distinction worth making early in any assessment: what the method delivers is statistics, not files about individuals. Visitor counts, dwell times, flows, capture rates and trends arrive as aggregated figures, and there is no stored record of any individual behind them, because all personal data is irrevocably deleted as part of the method itself. That is a different starting point from systems that collect personal data first and protect it afterwards.
Where the written answers live
A DPO will want sources, not summaries. The compliance position is set out on GDPR-compliant footfall analytics, including what the regulatory approval means for a review: Bumbee Labs runs the only footfall method in Europe approved by a data protection authority, so the central question, does this produce personal data, has already been asked and answered where it matters most. The step-by-step journey from signal to statistic, through collection, anonymisation, filtering, processing and insight, is described on data deliverables. Our privacy policy states the position plainly: we do not identify individuals, and we do not build profiles of the people being counted. Shorter answers to the most common questions sit in the FAQ.
What your own assessment still decides
Whether your organisation runs a formal impact assessment, and what it must cover, is a judgement for your DPO and compliance function. Nothing on this page replaces that. What we can do is make the work quick: plain-language documentation, direct answers in writing to the questions that remain, and a walkthrough of the method, the data journey and the dashboard with your DPO in the room. Organisations with high privacy bars, municipalities, libraries, transport hubs, asked the same questions before committing. When you are ready, talk to our team and bring the questions your DPO will ask anyway.
We are very excited by this collaboration with Bumbee Labs as their data expertise will complement our IoT know-how providing an unparalleled service to our clients across several verticals, industries and markets in the Middle East.
Frequently asked questions
Do we need a DPIA for people counting?
That judgement belongs to your own DPO or compliance function, and we will not make it for you. What we provide is the material that makes the assessment quick: documentation showing that the method produces anonymous, aggregated statistics and no personal data, plus direct answers to whatever remains.
What documentation can we hand to our DPO?
Start with the GDPR page, the privacy policy and the step-by-step data journey on data deliverables. For anything beyond that, our team answers compliance questions directly, in writing, and a walkthrough can be arranged with your DPO in the room.