How We Protect Your Data: An Introduction to Our GDPR Compliance and Annual ISAE 3000 Audit

Back to all posts
How We Protect Your Data: An Introduction to Our GDPR Compliance and Annual ISAE 3000 Audit

This blog post is tailored for both data security officers who want insights into our security measures and procedures, and for those with a basic understanding of GDPR who want to deepen their knowledge of practical data protection. Learn how our annual audit by an independent third party certifies our compliance with GDPR and other regulations, and get an understanding of the importance of our ongoing work on data security.

At ONLINECITY.IO, GatewayAPI’s parent company, information and IT security is paramount, and we work on a daily basis to further strengthen our security, including the protection of personal data. For the new communication platforms that the ONLINECITY.IO team has under construction, including and, we work on the principle of privacy by design, where data security is implemented at all levels both technically and organizationally.

Annually, we document our work and prove that we follow our internal policies and procedures ranging from password use, staff training, risk assessments to network security and much much more relevant to GDPR and IT security. 

It is not enough to say that you have high security, you also have to be able to prove it, and we do that in ONLINECITY.IO by having an annual audit called ISAE 3000.

What is an ISAE 3000 audit statement?

An ISAE 3000 statement is an independent audit that examines and assesses in detail all the aspects of a company that handles personal data on behalf of others. In GDPR terminology, ONLINECITY.IO acts as a data processor in this context.

By obtaining an ISAE 3000 declaration, ONLINECITY.IO can prove that its IT security level is top-notch, which is verified by the audit firm in a number of technical and organizational areas.

Our customers can hand over their data to us with peace of mind, knowing that we are taking good care of it. In fact, we are so proud of this work that we choose to publish our statement on our website.

We are particularly proud that our current ISAE 3000 declaration covers not just one, but three different platforms. This is testament to our deep commitment to data security across our company.


We are always at your disposal

We live in a digitized world, and it is therefore important that you find a partner or supplier you can trust with your data. In fact, it is so important that new measures are being taken to ensure this, including in the form of the new EU directive NIS2, which places even higher demands on IT security than before, including a focus on in-depth evaluation of the company’s supply chain

ONLINECITY.IO treats data with great care and we are always available to our customers to provide the necessary assistance or support to prove that our security is adequate for the data processing we perform.

More about our security measures

At ONLINECITY.IO, we are strongly committed to protecting both our customers’ and our own data through a combination of robust technical and organizational measures. This is in line with Article 32 of the GDPR Regulation, which highlights the importance of appropriate safeguards.

Organizational measures are policies, procedures and guidelines, which, based on ISO27001, ensure that employees who work with a security area have an appropriate behavior and work process in the way they process data, whether it is ONLINECITY.IO’s data or our customers’ data. It is in this work where risk assessments are prepared and our staff is trained in understanding IT security and the processing of personal data and much more.  

On the technical side, our protection measures involve traditional security methods such as firewalls, data backup and various encryption methods. Together, all these measures ensure that we maintain high security standards. 

We keep a constant eye on the threat landscape and are always ready to strengthen our security measures where necessary. This ensures that the data we process and protect is not only safe today, but also in the future.

Do you want to know more?

We are available to any data subject and any customer or customer’s customer who wishes to discuss our compliance with us. We are transparent in our efforts and want to give our customers complete security and peace of mind by using us as a supplier.

If you have specific questions or follow-ups in relation to the above, we are here to help. You can write to us with GDPR-related questions at


Global SMS Gateway

We have made it simple to implement SMS services into your business by offering some of the best prices worldwide as well as easy integration, world-class customer support, an intuitive interface and a rock-solid uptime of 99.99%. If you don’t have an account yet, you can create a FREE account in less than two minutes here: Go to GatewayAPI or contact