Whois is already useless
Many, possibly most Whois entries are obfuscated by proxy registration services, usually the registrars.
A plan by ICANN to let governments collectively decide who is allowed to bypass new European privacy rules over domain names has been blasted by its most powerful member, the United States. At a meeting of DNS oversight organization ICANN, the US government representative told colleagues from across the globe his country didn' …
It's unbelievable how much nonsense is being published about the GDPR.
This regulation does not forbid the use of personal data. A company or business can process personal data as long as it is limited in purpose, lawful, fair and transparent to the individual.
The whois has a clear reason to exist, just like the yellow pages. Surely measures must be taken to prevent the unauthorized collection of the data, but there's nothing wrong with a repository of domain name holders as long as it is protected adequately from abuse.
Will Data Protection Authorities suddenly burst in at domain name registries and start fining them those "monster" fines? Of course not... there's other fish to fry, there's abuse of sensitive data, insufficient protection of personal (sensitive) data and the joy of machine learning without people knowing what's going on (FaceApp anyone?).
Of course an organization is still allowed to use personal data, whoever said the opposite? That hasn't changed.
What *has* changed is that an organization *must* prove it's protecting the data adequately, and that includes setting up written procedures and adding clauses to the contracts with its subcontractors showing just that. In that case, all registrars will have to show the contracts with ICANN contain that, or *they* will be liable.
And the DPAs might have a pan too small to fry many fishes (I doubt that, but okay): it's not only about them. It's protection of *personal* information. So any person can ask about it, and they must receive a timely answer, or they can sue, and the DPAs will have to go fetch bigger pans anyway.
I think you're underestimating the changes the GDPR is introducing. No worries, you're not alone...
Whois has been useless for a long time, unless your really a really stupid criminal and registered a domain name using your own home address its more than likely to be a fake address or proxy address in the whois data. So for years law enforcement agencies have had to contact the registrars with a relevant warrant and asking for billing information. IP logs etc. So i don't see how this is any different when GDPR comes into force.