Expert Advice Community


Implementation alternatives

Guest user Created:   Jul 06, 2017 Last commented:   Jul 06, 2017


Dear Dejan, thanks for your email. I'm currently project manager for XXXXX, responsible for achieving GDPR compliance and ISO 27001 accreditation. If you don't mind, I have a question for you. In what order would you progress these two projects? GDPR on its own, because of the known date for the regulation coming into force, or ISO 27001 accreditation, knowing this will deliver an environment which satisfies GDPR? I value your opinion.

Expert: Rhand Leal, Jul 06, 2017

Answer: The first thing you should consider is the duration of your ISO 27001 implementation project and the deadline for EU GDPR compliance. If your project can be concluded before the deadline, it may be better to start with ISO 27001 because, as you said, it can deliver an environment which satisfies GDPR and any other requirements your organization may have for the ISMS.

If your project cannot be finished before the deadline, you should consider whether a reduction in the certification scope, e.g. to cover only the part of the original scope that is related to EU GDPR, would allow you to meet the deadline, and whether postponing the implementation of the remaining scope is acceptable (since the management part of the system will already be implemented, you will have fewer activities to perform).

If none of these alternatives is acceptable, then you should consider going for EU GDPR compliance first, and after that make arrangements in the ISO 27001 implementation project to include those controls in the system.

These articles will provide you with further explanation about ISO 27001 projects:
- ISO 27001 project – How to make it work https://advisera.com/27001academy/blog/2013/04/22/iso-27001-project-how-to-make-it-work/
- Does ISO 27001 implementation satisfy EU GDPR requirements? https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/

These materials will also help you regarding ISO 27001 projects:
- Preparations for the ISO Implementation Project: A Plain English Guide https://advisera.com/books/preparations-for-the-iso-implementation-project-a-plain-english-guide/
- Seven key problems to avoid in ISO 27001 implementation [free webinar] https://advisera.com/27001academy/webinar/seven-key-problems-to-avoid-in-iso-27001-implementation-free-webinar-on-demand/
