CAPS unveils GDPR agreement

CAPS, the Common Automotive Platform Standard, has published a new end user licensing agreement to clarify how data controllers and processors can use personal information transmitted through the system.

CAPS encrypts all data transmitted through the platform and does not retain any identifiable information. This reinforces how the structure of the CAPS end user licensing agreement underpins readiness for the new General Data Protection Regulation (GDPR).

The new agreement sees updated end user information definitions as well as clear guidelines on how the data can be used including the fact that information exchanged by CAPS is only processed in the EU. Rules around confidentiality of information channelled through CAPS are also reinforced.

The new release of CAPS in 2017 was designed to provide industry-leading levels of data protection for the individual and for those receiving and transmitting information and was developed in consultation with Information Commissioner’s Office. The Microsoft Azure platform ensures transparency of process, total control of where the data is sent and end-to-end encryption. Both the main CAPS platform and its back-up support systems are hosted in the EU.

The 800 bodyshops currently using the CAPS platform can access the new end user licensing agreement via the website at

John O’Roarke, Chairman of the CAPS National Advisory Council, said, ‘We continue to work to ensure that delivering the highest levels of security and data protection for everyone involved in the repair process remain a priority, and above all, for the individual consumer.

‘The new end user licensing agreement further clarifies the responsibilities of data processors and that information transmitted via CAPS must be retained in the EU. This apparently small step is a vital part of the CAPS roadmap to become the industry standard for data transfer.’