To comply with the FCPA, companies must exercise decisive control – they must act quickly and effectively to investigate potential corrupt actions and conduct thorough due diligence. These actions, coupled with the inevitable time pressure, can put a company in direct conflict with foreign data privacy laws. Carefully crafting compliance policies and investigation plans can minimize this conflict. This article, the third in a three-part series, details six steps companies should take at the beginning of an investigation; delves into the issues facing companies that perform internal investigations and conduct due diligence; and offers concrete advice from top practitioners about conducting those activities in a way that minimizes the risk of violating data privacy laws. The first article in this series discussed the application of data privacy laws to FCPA compliance and the specifics of the E.U. data privacy regime, including: data processing principles; restrictions on data transfer; data transfer mechanisms, including the meaning of “safe harbor status,” binding corporate rules and European model clause agreements; as well as how potential new regulation can affect data collection. See “Conflicting Compliance Obligations: How to Navigate Data Privacy Laws While Performing Internal Investigations and Promoting FCPA Compliance in the E.U. (Part One of Three)” (Jan. 9, 2013). The second article in this series discussed how France applies the relevant E.U. Directive; best practices for due diligence in France; and six specific steps a company should take before a need to investigate arises in France as well as other E.U. member states and other jurisdictions with similar data privacy regimes. See “Conflicting Compliance Obligations: How to Navigate Data Privacy Laws While Performing Internal Investigations and Promoting FCPA Compliance in the E.U. (Part Two of Three)” (Jan. 23, 2013).