TY  - JOUR
AB  - Purpose: This paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended to adequately meet the data protection requirements set by the General Data Protection Regulation (GDPR); it also indicates security management actions an organisation needs to perform to fulfil GDPR requirements. Thus, ISO/IEC 27001:2013 compliant organisations can use this paper as a basis for extending the already existing security control modules towards data protection, and as guidance for reaching compliance with the regulation. Design/methodology/approach: This study has followed a two-step approach. First, synergies between ISO/IEC 27001:2013 modules and GDPR requirements were identified by analysing all 14 control modules of ISO/IEC 27001:2013 and proposing the appropriate actions towards the satisfaction of data protection requirements. Second, this paper identified GDPR requirements not addressed by ISO/IEC 27001:2013. Findings: The findings of this work include the identification of the common ground between the security controls that ISO/IEC 27001:2013 includes and the requirements that the GDPR imposes; the actions that need to be performed based on these security controls to adequately meet the data protection requirements that the GDPR imposes; and the identification of the remaining actions an ISO/IEC 27001 compliant organisation needs to perform to be able to adhere to the GDPR. Originality/value: This paper provides a gap analysis and identifies the additional actions that need to be performed to allow an ISO/IEC 27001:2013 certified organisation to be compliant with the GDPR.
VL  - 28
IS  - 4
SN  - 2056-4961
DO  - 10.1108/ICS-01-2020-0004
UR  - https://doi.org/10.1108/ICS-01-2020-0004
AU  - Diamantopoulou Vasiliki
AU  - Tsohou Aggeliki
AU  - Karyda Maria
PY  - 2020
Y1  - 2020/01/01
TI  - From ISO/IEC27001:2013 and ISO/IEC27002:2013 to GDPR compliance controls
T2  - Information & Computer Security
PB  - Emerald Publishing Limited
SP  - 645
EP  - 662
Y2  - 2024/04/24
ER  -