I'm in the process of implementing ISO 27001 for an accounting firm in India who processes data of customers in UK. I believe the firm also needs to be complied to GDPR, what would be compliance requirements should I consider?
When implementing ISO27001 you must examine content 1. Regulations, 2. Contracts and 3 Security Policy , so your security policy will have to ensure that GDPR compliance is part of the regulation, and your context. With GDPR DPIA ( Data Protection Impact Assessment) is the key part of it, and you have to use this as part of your risk assessment analyses, risk register and SOA for ISO27001 controls.
Go through your Annex A controls, and utilising your DPIA define your Statement of Applicability and incorporate that into your ISO27001 documentation.