Guidelines 01/2019 on Codes of Conduct and Monitoring Bodies under the GDPR

Section 12.2  Conflict of interest

68. It will need to be demonstrated that the exercise of the monitoring body’s tasks and duties do not result in a conflict of interests. As such, code owners will need to demonstrate that the proposed monitoring body will refrain from any action that is incompatible with its tasks and duties and that safeguards are put in place to ensure that will not engage with an incompatible occupation. Similarly, the monitoring body must remain free from external influence, whether direct orindirect, and shall neither seek nor take instructions from any person, organisation or association. The body should have its own staff which are chosen by them or some other body independent of the code and it should be subject to the exclusive direction of those bodies only. In the case of an internal monitoring body, it shall be protected from any sort of sanctions or interference (whether direct or indirect) by the code owner, other relevant bodies, or members of the code as a consequence of the fulfilment of its tasks.