With the recent start date of GDPR and all of the related emails you are likely receiving, compliance is on my mind. Although every form of compliance is slightly different, there are common steps we developers can take to help our customers. This article drifts further into consulting territory than a typical developer may need to go. However, these steps may help you look more senior to your bosses than you are.
Compliance Goals
The first thing to learn about any form of compliance is the primary goal (or goals) of the requirements. When you determine this, you can understand the spirit of the compliance as well as the letter of the rules. The spirit of the requirements is essential during implementation. It provides a high-level way to think about implementation that points toward best practices and key considerations. For example, GDPR is about personal information, HIPAA is about health care, PCI is about security, etc. The core goals of any compliance regime not only show you where you need to comply; they also point to the areas that do not need to be worried about as much.
The Key Tasks
For a developer, every compliance need includes one or more tasks that have to go into applications. Your manager, lead, or company will often dictate the work to be done. However, it helps when you know what these tasks are beforehand and understand the best practices. There is also a sort of rhythm you can achieve in coding for some requirements. Security, in particular, jumps out as a concern that can color your coding. The ways to avoid cross-site scripting and injection attacks can become ingrained in your style. This makes you a better developer as well as adding a level of professionalism to your work.
Avoid Minutiae
A word of warning: some compliance specifications can be incredibly long, making them tedious to read and comprehend. A developer can avoid spending this time and effort by reviewing summaries and overview articles. In fact, the best place to find this information is on CIO/CTO-focused sites. That material highlights the technical requirements at a high level. Once you have that outline, you can review developer sites to find more details. Of course, there are also blogs that cover how to comply and can save a lot of time.
Compliance is often over-dramatized by the industry, at least from a developer's point of view. It all boils down to specific requirements you have to be aware of when coding. They are typically little more than best-practice standards and are useful to incorporate into your daily process anyway. Do not get sucked into the politics of compliance. Life is less stressful when you simplify complying down to the coding approach you need to take.