Since a company within the US already has to meet and be in compliance with PCI standards, can that compliance certificate then be used as a accepted compliance for GDPR?
Partially. PCI compliance is evidence that your systems are secure; however it does not include certain data protection aspects that would be relevant such as abiding by the GDPR rules regarding SAR, data retention periods, data sharing and consent.
To minimize your risk and ensure your compliance click here