While the legal community has spent much of the last year exhaustively dissecting the European Union’s new General Data Protection Regulation (GDPR), nearly half of businesses in the United States are still not compliant with standards governing the collection, storage, and disposal of payment (credit/debit) card data. Businesses of all sizes should work to ensure that they understand and are in compliance with these standards, or risk significant exposure in the event of a payment card data breach traced back to their organization.