Among the many provisions of the GDPR with which companies are grappling is Article 10, which affects the processing of personal data relating to criminal activity. This kind of data collection is a core part of anti-corruption due diligence, as well as investigations. “The situation will basically put companies subject to both the GDPR and non-E.U. laws between a rock and a hard place,” Alja Poler De Zwart, counsel at Morrison Foerster in Brussels, told the Anti-Corruption Report. “Do you continue to comply with the FCPA and risk violating the GDPR, or do you scale your FCPA vetting back in fear of the GDPR fines and instead risk the wrath of the U.S. Department of Justice?” We discuss how companies can approach Article 10 and the patchwork of applicable member-state laws. See “New Criteria for Employee Monitoring Practices in Light of ECHR Decision” (Oct. 18, 2017).