Legal requirements
Answer: If your organization must comply with this law, then yes, compliance with it is a requirement for ISO 27001 certification.
Regarding whether you should work first on the law or on ISO 27001, the first thing you should consider is the duration of your ISO 27001 implementation project and the deadline for compliance with that law. If your project can be concluded before the deadline, maybe it is better to start with ISO 27001, because it can deliver an environment which can fulfil both the law you need to be compliant with and other requirements your organization may have for the ISMS.
If your project cannot be finished before the deadline, you should consider whether a reduction in the certification scope, e.g. to cover only the part of the original scope that would be related to the law you must be compliant with, can allow you to meet the deadline, and whether postponing the implementation of the remaining scope is acceptable (since the management part of the system will already be implemented, you will have fewer activities to perform).
If none of these alternatives are acceptable, then you should consider working first on compliance with the law, and after that make arrangements in the ISO 27001 implementation project to include those controls in the system.
This article will provide you with further explanation about ISO 27001 projects:
- ISO 27001 project – How to make it work https://advisera.com/27001academy/blog/2013/04/22/iso-27001-project-how-to-make-it-work/
These materials will also help you regarding ISO 27001 projects:
- Preparations for the ISO Implementation Project: A Plain English Guide https://advisera.com/books/preparations-for-the-iso-implementation-project-a-plain-english-guide/
- Seven key problems to avoid in ISO 27001 implementation [free webinar] https://advisera.com/27001academy/webinar/seven-key-problems-to-avoid-in-iso-27001-implementation-free-webinar-on-demand/
Jul 07, 2017