GDPR (The General Data Protection Regulation)…
Intends to strengthen and unify data protection around personal data (on the basis of respecting people's fundamental rights and freedoms), and it applies to anyone living within the European Union. The regulation comes into law in all EU countries in May 2018, and from that date it applies directly across all EU member states.
Failure to comply with the GDPR's requirements for protecting customers' personal data can result in serious consequences for organisations, including fines of up to £20 million or 4% of turnover (whichever is greater) in the case of a data breach or the failure to report one within 72 hours.
Both PCI DSS and the GDPR intend to improve customer data protection. PCI DSS focuses on payment card data, while the GDPR focuses on personally identifiable information. However, even though there is notable overlap, there are significant differences in how the two are phrased.