If you store, process or transmit sensitive cardholder data, your organization is in scope for compliance with this standard. You need to achieve and maintain compliance every minute of the day, and you will be audited every year. It is not a legal requirement, but the leading card companies require it for taking credit and debit card payments.
Read more about PCI DSS