This white paper addresses how organizations who have implemented smart PCI DSS (Payment Card Industry Data Security Standard) programs can leverage their investment within their GDPR program. It starts by examining the potential impact PCI DSS is, and is not, having in addressing card payment fraud. It then takes a detailed dive reviewing fraud in the UK, where PCI DSS has been widely adopted, to attempt to analyse PCI DSS’s impact. Next it measures this impact against other fraud detection efforts combating card losses once cardholder data has been breached. It then investigates where cardholder breaches are still being perpetrated to determine the effectiveness of PCI DSS in protecting card account data. Finally with this understanding the paper then looks at how the lessons learned within PCI DSS can be applied to GDPR in order to minimize an organization’s cost and risks.