While PCI compliance is generally a set of procedures, there are some elements that will be very difficult to implement. An example of this is standard 3.2.1 from the most recent PCI Data Security Standards document (accessed from here):  

Do not store sensitive authentication data after authorization (even if 
encrypted). If sensitive authentication data is received, render all data unrecoverable upon completion of the authorization process. 

This can safely be ignored if there is a business justification and the data is stored securely. Removing items from the Forms database is not possible from inside the solution, and we don't support/recommend doing it by editing the database. 

Long story short, at the moment, it's difficult at best, and may not be possible at all to meet all PCI compliance requirements.