Businesses that are found to be out of compliance with PCI may be subject to fines by the entity they use to process their credit card transactions. Businesses that have a data breach where credit card data is actually stolen will be subject to much larger fines and fees from the banks, card brands, etc., and are required to report the breach, which quickly makes the news and causes further reputational damage.
We recommend you first reach out to the organization that you feel is out of compliance, so that they will hopefully resolve the issue themselves. You can even share this website with them, should they be completely unaware of the Payment Card Industry Data Security Standard (PCI DSS) and its applicability to their business.
If you fail to get a resolution and you know which credit card processor the organization uses, then you can report the violation directly to them. You can also go directly to the credit card brands (Visa, MasterCard, Amex, Etc.) to report the problematic business; each brand has a spot on their website for lodging security/compliance-related complaints.
If you believe your payment card data may have been compromised, contact your issuing bank and request a new card.