Both the PCI DSS and the GDPR aim to ensure that an organization protects the data it handles. The PCI DSS focuses on payment card and cardholder data, whereas the GDPR focuses on the personal data of individuals in the European Union. The main difference is that the GDPR is far less prescriptive than the PCI DSS.
The GDPR states what must be protected (for example, Article 32 requires "appropriate technical and organisational measures") but does not define a detailed action plan, and it leaves the choice of controls to the controller or processor. The PCI DSS, by contrast, defines clear objectives and gives concrete, testable direction for securing payment card and cardholder data. Note that PCI DSS controls cover only the cardholder-data environment, so meeting the PCI DSS does not by itself make an organization GDPR-compliant; it can, however, serve as a ready-made control set for the security measures the GDPR requires.
The PCI DSS as a standard for achieving the security objectives of the GDPR