TheArtOfService
Cross-Framework Mapping

ISO 27001:2022vsGDPR

See exactly how ISO 27001:2022 controls map to GDPR. Pre-computed mappings, identified gaps, and coverage analysis.

79
Controls Mapped
16
Gaps Found
44%
Coverage

According to the TheArtOfService Compliance Knowledge Graph:

ISO 27001:2022 maps to GDPR with 44% coverage across 42 directly mapped controls. Analysis of 95 ISO 27001:2022 controls identifies 53 compliance gaps — primarily concentrated in A.5 Organizational Controls.

Source: TheArtOfService Knowledge Graph | 95 controls analysed | 693 frameworks | 820K+ cross-framework mappings

Control Mappings

Showing 20 of 79 mapped controls across 4 domains. Sign up to explore all 820K+ mappings across 693 frameworks.

A.5 Organizational Controls(20 mappings)

ISO27001-A.5.1Information security policy management2 targets
GDPR-Art.24Responsibility of the controller
GDPR-Art.30Records of processing activities
ISO27001-A.5.14Secure data exchange procedures
GDPR-Art.32Security of processing
ISO27001-A.5.18Access entitlement provisioning and review4 targets
GDPR-Art.24Responsibility of the controller
GDPR-Art.25Data protection by design and by default
GDPR-Art.29Processing under the authority of the controller or processor
GDPR-Art.32Security of processing
ISO27001-A.5.2Security roles and accountability assignments4 targets
GDPR-Art.24Responsibility of the controller
GDPR-Art.37Designation of the data protection officer
GDPR-Art.38Position of the data protection officer
GDPR-Art.39Tasks of the data protection officer
ISO27001-A.5.21ICT supply chain security oversight2 targets
GDPR-Art.28Processor
GDPR-Art.32Security of processing
ISO27001-A.5.23Cloud service security governance3 targets
GDPR-Art.28Processor
GDPR-Art.32Security of processing
GDPR-Art.35Data protection impact assessment
ISO27001-A.5.25Security event triage and escalation2 targets
GDPR-Art.33Notification of a personal data breach to the supervisory authority
GDPR-Art.34Communication of a personal data breach to the data subject
ISO27001-A.5.29Security continuity during disruptions
GDPR-Art.32Security of processing
ISO27001-A.5.31Legal and regulatory obligation tracking
GDPR-Art.24Responsibility of the controller

+59 more mappings

Plus AI-powered gap analysis, compliance advisory, PDF exports, and cross-mapping for all 693 frameworks.

Create Free Account →

Free forever — no credit card required

Related Comparisons

Other ISO 27001:2022 comparisons

ISO 27001:2022 vs CSA CCM v488 mappingsISO 27001:2022 vs NIST SP 800-53 Rev 578 mappingsISO 27001:2022 vs SOC 272 mappingsISO 27001:2022 vs PCI DSS v4.070 mappingsISO 27001:2022 vs NAIC Insurance Data Security Model Law (MDL-668)67 mappingsISO 27001:2022 vs NIST Cybersecurity Framework 2.066 mappingsISO 27001:2022 vs DORA57 mappingsISO 27001:2022 vs TISAX — Trusted Information Security Assessment Exchange26 mappings

Other GDPR comparisons

EU In Vitro Diagnostic Medical Devices Regulation (IVDR) vs GDPR13 mappingsEthiopia Personal Data Protection Proclamation (No. 1321/2024) vs GDPR13 mappingsDigital Services Act (DSA) - Regulation (EU) 2022/2065 vs GDPR13 mappingsEU Network Code on Cybersecurity for the Electricity Sector vs GDPR13 mappingsAfrican Union Malabo Convention vs GDPR13 mappingsCosta Rica Personal Data Protection Law (Law No. 8968) as amended by Executive Decree No. 42089-MGP vs GDPR13 mappingsPakistan Personal Data Protection Bill 2023 vs GDPR13 mappingsPortugal Law No. 58/2019 — Data Protection Implementation Act vs GDPR13 mappings

Stop Paying Consultants to Read Spreadsheets

AI-powered compliance intelligence across 693 frameworks — at a fraction of consulting costs.

$0/forever

Free

  • 693 framework browser
  • Cross-framework mappings (820K+)
  • 824 compliance assessments
  • 3 AI queries & searches per day
Get Started Free
Recommended
$49/month

Professional

  • Unlimited AI Compliance Advisory
  • Unlimited full-text search
  • Framework self-assessment
  • PDF, Excel & CSV exports
Start 7-Day Free Trial →

Popular framework comparisons

NIST CSF vs NIST 800-53ISO 27001 vs NIST CSFCMMC vs NIST 800-53FedRAMP vs NIST 800-53NIST CSF vs SOC 2HIPAA vs NIST 800-53ISO 27001 vs SOC 2ISO 27001 vs ISO 27701

What are the key differences between ISO 27001:2022 and GDPR?

ISO 27001:2022 has 95 controls across its framework, while GDPR covers 44 controls. Direct mapping analysis identifies 42 overlapping controls (44% coverage). The frameworks diverge most significantly in A.5 Organizational Controls, where 23 ISO 27001:2022 controls have no direct GDPR equivalent.

How many controls map between ISO 27001:2022 and GDPR?

Of 95 total ISO 27001:2022 controls, 42 map directly to GDPR controls — representing 44% coverage. The remaining 53 controls represent compliance gaps requiring additional documentation or compensating controls to satisfy both frameworks simultaneously.

What are the compliance gaps when mapping ISO 27001:2022 to GDPR?

53 ISO 27001:2022 controls have no direct equivalent in GDPR. The highest concentration of gaps is in A.5 Organizational Controls with 23 unmapped controls. These gaps represent areas where additional controls, policies, or documentation must be created to achieve compliance with both frameworks.

Which control domains have the most gaps between ISO 27001:2022 and GDPR?

The domain with the highest gap count is A.5 Organizational Controls (23 gaps). Export the full domain-by-domain gap breakdown via the Professional tier to generate a prioritised remediation roadmap.

Related Resources

How to Map Controls Across Frameworks|Multi-Framework Compliance Guide|Compliance Glossary

This platform provides educational compliance tools, not legal, regulatory, or professional compliance advice. Cross-framework mappings are AI-assisted interpretations and do not reproduce or replace official standards. Framework names and trademarks belong to their respective owners. Consult qualified professionals for your specific compliance requirements. See our Terms of Service.