Whois & GDPR
WHOIS need not have been in breach of the GDPR, except for the fact that compliant consent had not been obtained for most of the entries publishing personal data by the time GDPR came into force. It should have been possible to (a) pre-empt the problem given that the GDPR was public knowledge for several years while in the making and (b) obtain consent or arrange for non-publication at domain renewal time. Both these options seem to have been too esoteric for ICANN. So now we lose a very valuable way of detecting online fraudsters, as the hoops we'll have to jump through in the future will be about as fast and effective as UK Action Fraud.
However the high volume of bogus entries has long made WHOIS quite unreliable anyway.