The GDPR is not based on the Data Protection Act. the GDPR is the ‘sequel’ of directive 95/46/EG, and the DPA is an implementation of that same directive. That is why they are similar on some aspects.
Under the GDPR, providing a copy of the data is required.
Although from a personal note I think anything would be better than the current gzipped CSV file, it is more GDPR compliant than a PDF. The law requires (article 20)
a structured, commonly used and machine-readable format
So a CSV would be better, since a PDF is less clearly structured and less machine-readable.