Despite a slew of data privacy breaches that I have spoken about here, the EU and UK in general have a longer horizon to hit critical mass with secure and compliant payment card environments. This is generally surprising given the seriousness and depth of the body of law within these regions around data protection and security. This is being more seriously addressed by the PCI SSC with the appointment of Jeremy King as the Director for the EU.
A nice article by TechTarget is available here. The challenge of addressing state, EU, and UK mandates is nicely articulated by King in the following excerpt:
He concedes that Europe is more complex because every country has its own rules, regulations and requirements. “This creates challenges that are different in each country. I’ll be going round the different banking associations and acquirers so we can tackle some of the issues and resolve some of the problems that are preventing people from achieving PCI compliance,” King said.
The value of the PCI DSS structure, though, is that it is consistent across all borders and is therefore functionally applicable only to payment card environments (globally?). This should provide greater adoption and not less, unless there are state laws that conflict with the adoption of industry best practices.
An interesting discussion, and it is a welcome progressive step to see a stronger focus on providing resources, support, and time.