Business Consulting services
Legal compliance
Compliance with the legal framework covers not only the legal segment
but is a highly multidisciplinary obligation of legal entities.
In addition to the legal segment, most new regulations expect compliance in
the organizational and process sense, as well as the application of
adequate technical and technological tools for compliance monitoring.
Boost provides clients with a service of compliance with
a number of multidisciplinary regulations such as:
• CSRD report generation based on ESRS standard
• GDPR and UK–GDPR
• Act on the Protection of irregularity Reporting (so–called “whistleblowers”)
• Cybersecurity Act for key service operators and digital service providers (NIS1
and NIS2, DORA, CER, etc.)
• SOC2, HIPAA and similar regulations for the USA
Frequently asked questions (FAQ)
Who is obliged to comply with GDPR?
All legal entities that collect and process personal data (known in GDPR terminology as data controllers) are required to comply with the GDPR. Besides the institution itself having to be in line with the GDPR, it is important to keep in mind that all external service suppliers (data processors) also have to be adequately aligned with the GDPR, and in that case the responsibility is on the data controller to ensure that the data processor is adequately aligned with the GDPR.
What rights are granted to private persons?
The point of the GDPR is that every person has the right to know what happens to the data they submit, for what purposes the data were collected, and to which third parties they are handed over and for what purpose. In this respect, persons (known as data subjects in GDPR terminology) are entitled to receive, within 30 days, a response from the legal entity in possession of their data about exactly what it is doing with them, and may request a whole range of actions: deletion, modification of data, restriction of processing, transfer to third parties, etc.
What protection measures should we apply in case of data storage?
The Regulation does not state which technical protection measures should be applied, but it expects that such measures are applied, so each institution needs to assess how well its data is protected and how sensitive its business activity is. At the same time, data controllers are obliged to assess the likelihood of misappropriation or any other form of inadequate data handling. For some institutions, a passcode on the computer and keeping documentation in a locked cabinet is adequate data protection, while other institutions will need to use multiple security and encryption tools to protect their data in operational business. However, it is evident that regulators within the EU emphasize the importance of technical data protection measures.
When do I need the consent of a physical person?
Consent for collecting and processing personal data is obtained only in cases where the collecting and processing of personal data is not regulated by law and/or an existing contractual agreement. For example, it is not possible to ask the bank in which you have a current account to delete your personal data and at the same time continue using the bank's services. In practice, consent is most commonly used for data that is not covered by the contract or not defined by law. For example, for the implementation of a contract of employment it is not necessary to collect the employee's consent for basic personal data, but if the employer uses satellite tracking of official vehicles, the company needs the employee's consent for such processing of personal data.
Is the General Data Protection Regulation a unique regulation?
Apart from the GDPR, the relationship between physical persons and service providers will be further defined by the future regulations such as ePrivacy, IDD, the Taliban Declaration, PSD2, and similar regulations which will guarantee the physical person a high quality data retention and transparent data processing including personal data. It is to be expected that the security and transparency of data processing in the coming years will be an increasing focus of regulators and legislative bodies.
Who is obliged to comply with the Protection of irregularity Reporting Act?
The following are obliged to comply with that law:
- companies employing at least 50 employees, regardless of the nature of their activity
- small and micro-enterprises which, among others, participate in public procurement tenders, use EU funds, are subject to money laundering rules or belong to regulated entities in the financial services sector
- legal entities in the public sector.
What is the role of NIS1 and NIS2 Regulation?
The goal of the NIS Directive is to ensure in all EU Member States a common level of security of network and information systems, whose malfunctioning due to security incidents could have a strong impact on society or the national economy.
Who is covered by the NIS2 Directive?
NIS2, like the previous version of the Directive, concerns operators of essential services and digital service providers, but the number of sectors it covers will expand from the previous 19 to 35. This will include, in addition to sectors such as energy, health, banking and finance, drinking water supply and distribution, digital infrastructure and services in State information infrastructure systems, such as postal services, waste management, food and chemical production and distribution. The NIS2 Directive will also apply to public administrations at central and regional level.
What's DORA?
The Digital Operational Resilience Act (DORA) creates a regulatory framework for digital operational resilience, under which all companies affected by the obligation must ensure that they are resilient to, and able to respond to and recover from, all types of ICT-related (information and communication technologies) disruptions and threats. The same requirements apply in all EU Member States, with the main objective of preventing and mitigating cyber threats.
Who is obliged to comply with DORA and what does it include?
The obliged entities are:
- Insurance companies
- Investment companies
It shall comprise:
- ICT risk management
- risk management of ICT third party risk
- testing of digital operational resilience
- ICT incidents
- monitoring critical ICT third party service providers
Useful links
- Privacy Regulation: http://www.privacy-regulation.eu/hr/
- Croatian Personal Data Protection Agency: https://azop.hr/info-servis/detaljnije/opca-uredba-o-zastiti-podataka-gdpr
EU Consulting and HBOR/HAMAG-BICRO Consulting
EU Consulting
We proactively monitor existing and planned tenders.
Our team is not just consultants writing tender documentation for the project,
but a team that looks at improving your business and financing
your projects from a completely new perspective.
Boost focuses on tenders aimed at micro,
small and medium–sized entrepreneurs, and its clients include IT, manufacturing and
young, innovative companies developing their solutions in the direction of IoT.
The service includes:
- Preparation and writing of project applications – project conceptualization
- Consultancy in the implementation of projects
- Preparation of tender documents and financial reports
- Participation in analytical monitoring and preparation of annual reports
HBOR/HAMAG-BICRO Consulting
We assist in applying for funds provided by these institutions,
as a complement to EU funding, but also without EU funding.
We help clients prepare application documentation for HBOR and HAMAG–BICRO loans.
Frequently asked questions (FAQ)
Does each project need to have a business plan?
Since co-financing through EU funds is not a banking service, the state bodies that file and evaluate applications for EU funds have to be sure that the proposed project and related activities are absolutely meaningful and business-justified. In doing so, the business plan is the only document that can guarantee the success of the proposed business idea. In this sense, the business plan must be fully detailed, with all information quantified and verifiable. The Boost team will explain all the details of the co-financing by stages and expected steps. Only then can you decide whether you want to fund your development through EU funds or otherwise.
Which EU funding programmes and tenders does Boost follow?
Boost LLC follows a number of tenders which are available through the Structural Funds. The company is focused on tenders targeted at micro, small and medium-sized entrepreneurs, such as product certification, participation in international fairs, introduction of recognized business process management systems (ISO 9001, 14001, etc.), investment in hardware and software solutions, etc.
What other types of co-financing can be ensured?
Boost also monitors co-financing services and / or alternative financial funding sources offered by the institutions such as HAMAG Bicro, HBOR, county and city funds.
What is the funding model of project writing and project managing through EU Funds for clients?
Boost approaches EU funding through several steps. First, the client is informed about all the good and bad sides of this type of financing, including its possible consequences. It is clearly defined with the client what Boost provides and performs at the operational level, and the financial offer given to the client can be fully or partially accepted or rejected. Boost clearly differentiates the writing service from the (already approved) project management service.
What is Boost's success rate for withdrawing EU funds?
In the 2014-2020 period, Boost has a 100% success rate in withdrawing funds from EU fund programmes for its clients.
Useful links
- E-Funds: https://efondovi.mrrfeu.hr/Mis/Account/Login?ReturnUrl=%2FMIS%2F
- ESIF: https://strukturnifondovi.hr/
- E-Counselling: https://esavjetovanja.gov.hr/ECon/Dashboard
- HAMAG Bicro: https://hamagbicro.hr/
- ESIF loans: https://hamagbicro.hr/pitanja-i-odgovori/esif-zajmovi/
IT security
Cybersecurity in times of increased digitalization of business creates
great pressure on legal entities to keep data adequately
and in accordance with legal obligations and international standards.
We provide a status scanning service (GAP analysis),
proposals for changes in protection systems,
and implementation and maintenance of the following ISO standards:
- ISO 22301 — Business Continuity Management System
- ISO 27001 — Information Security Management System
- ISO 27017 — Information technology — Code of practice for information security controls based on ISO/IEC 27002 for cloud services
- ISO 27018 — Information technology — Code of practice for protection of personal data (PII)
- ISO 27701 — Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management (GDPR)
- ISO/DIS 31700 — Consumer protection — Integrated privacy for consumer goods and services (Privacy by Design)
ISO Consulting
Boost LLC conducts business consulting for the preparation and implementation of ISO standards:
- ISO9001 (QMS) specifying the requirements for the quality management system
- ISO14001 (EMS) setting out the criteria for the environmental management system
- ISO20000 that determines the quality of IT service management
- ISO27001 (ISMS) for information security
- ISO26000 and with SA 8000 that determine social responsibility
- ISO45001 determining the management of health and safety at work
- ISO37001 (ABMS) that specifies governance to counter bribery
During the development and preparation of documentation for each ISO standard, process and procedural adjustments are made to the client's internal organization.
Frequently asked questions (FAQ)
Which ISO standards can Boost LLC implement?
Boost has the experience and expertise in the implementation of the four key international standards that are most commonly practiced in the Republic of Croatia, such as QMS (Quality Management System - ISO 9001), EMS (Environmental Management System - ISO 14001), ISMS (Information Security Management System - ISO 27001) and OH&S (Occupational health and safety management systems - ISO 45001).
What is the process of preparation and the very act of certification?
Boost helps the client to implement and certify the ISO standard (one or more) by scanning the complete internal business, checking compliance with the legal framework, preparing documentation to demonstrate compliance, and assisting the client in implementing the rules of the operating plan. Only then does the selected certification company conduct the certification.
How long does the whole process take?
The duration of all necessary activities depends on the number of standards, the number of the client's working locations and its administrative preparedness, and is estimated at the very beginning of the project. The client is presented with the project plan, including all the steps, deadlines and responsible persons (KPIs). In general, the implementation itself should not last less than 2 months or longer than 7 months.
What is the price model for ISO implementation?
Boost suggests to clients a commercial relationship by which most of the contracted funds are charged only upon successful certification. Pricing models and payout intensity are negotiated with each client individually.
How long is the certificate valid?
The certified institution carries out a 2-year audit of compliance with the standard, and the third year is the so-called recertification year, since the standards are changed or upgraded every couple of years.
Useful links
- International Organization for Standardization (ISO): https://www.iso.org/home.html
- Croatian Standards Institute: https://www.hzn.hr/
- Croatian Accreditation Agency: http://www.akreditacija.hr/
Business Analytics
Boost LLC performs business analytics for client needs, providing recommendations for business improvement based on a situation analysis of the customer's company. Gap analysis can be provided in the following areas:
- ICT System Effectiveness
- Process and procedures
- Optimizing sales channels and market segmentation
- Branding and rebranding
- Risk analysis
Frequently asked questions (FAQ)
In what way do you help companies improve their business?
In agreement with the client, we first scan the situation and then give recommendations for business improvement. Depending on the size of the client and the industry in which it operates, steps may be proposed that will further enhance the internal and external elements of the company's business development. The focus of business consulting can be a long-term development strategy, HRM and ICT topics, as well as sales and marketing strategies.
What are the results of scanning all or individual business segments?
The Boost team sets out the pros and cons of each proposal and provides clear, transparent and unambiguous recommendations for business changes. It is the client's choice to accept the recommendations in whole or in part. Upon completion of the project, the Boost team remains at the client’s disposal for any interpretations, additional advice and suggestions regarding the proposed changes.
Which models of cooperation do you offer in business consulting?
The Boost team offers project engagement, per-call access and/or a monthly agreed number of working hours, to the extent that Boost experts are available. Consumption of working hours, price models and the intensity of engagement are negotiable.
What expertise does Boost offer?
Boost covers the following expertise among the employees, but also has a broad network of partners providing the "one-stop-shop" principle for the client: the EU and other types of co-financing for business development, legal compliance, ISO implementation, business analysis and strategic and investment studies, analysis of the effectiveness of individual business segments (such as ICT, HRM, sales, marketing, etc.) and operational assistance in public procurement. With partner institutions we are able to offer legal services, branding, ICT services and operational project management.
To what extent do you provide international matchmaking for products and services to your customers?
For years, Boost has been systematically working to develop a network of business partners for its clients, whether they need products or services from other countries or want to place their products and services globally. In this regard, Boost has developed a network of partners in Central and Eastern Europe, in the Middle East, China and South Africa.
To what extent is Boost LLC dedicated to both micro and small businesses?
Boost operationally assists micro and small businesses in the business development process, from the very idea of setting up a company, registering and initially complying with the legal framework, all the way to helping find alternative sources of (co) financing for development (such as EU funds, HAMAG and HBOR funds, etc.).
Useful links
- Ministry of Economy, Entrepreneurship and Crafts of the Republic of Croatia: https://www.mingo.hr/
- Croatian Agency for SMEs, Innovations and Investments: https://hamagbicro.hr/
- Invest Croatia: http://www.aik-invest.hr/
- Investment guide: http://www.aik-invest.hr/investicijski-vodic/
- Digital chamber (Croatian Chamber of Economy): https://digitalnakomora.hr/hr
- VIES VAT number validation: http://ec.europa.eu/taxation_customs/vies/?locale=hr
- Economic Diplomacy: http://gd.mvep.hr/
- Court Registry: https://sudreg.pravosudje.hr/registar/f?p=150:1
HRM Consulting (Human Resources Management)
- Defining organizational structure, work roles and organizational charts and recruiting and selection based on the above.
- Coordination and relationship management with external HR partners.
- Preparation of legal regulations on labor contracts and work regulations, i.e. logistical coordination of compliance with legal regulations.
- Surveying of employee satisfaction, devising and implementation of performance management system (Performance management), system of rewarding and career development plan with accompanying education plan.
Matchmaking
For our clients’ needs, we can hold orientation briefings, connect them with local businesses, prepare reports on target markets, carry out operational work on sales opportunities, organize seminars, conferences and other events, and provide translation and transport services as needed. The service also provides basic background information on a local company, such as the address, contact person, ownership composition, year of establishment, etc. It also includes a financial report, credit performance, information on any debt, benchmarking of import amounts, company growth, years in the market, reputation, etc.
Education
- Advisory services and education related to EU financing options, HBOR (Croatian Bank for Reconstruction and Development) and HAMAG-BICRO Loans (Croatian Agency for SMEs, Innovations and Investments)
- Education related to the implementation and enforcement of the General Data Protection Regulation (GDPR)
- Compliance with the legal regulations and human resource management