Lack of public Whois makes filing a UDRP a two-step process.
GDPR is impacting the Uniform Domain Name Dispute Policy process. Without public Whois, companies that believe someone is cybersquatting on their domain might have to “go blind” into a UDRP filing; they won’t know who the domain name registrant is.
This is one of the things World Intellectual Property Organization is grappling with, and it has an FAQ for complainants that explains how this works.
Once a complaint is filed, WIPO gets the registrant’s information from the registrar and passes it along to the complainant. The complainant has a chance to amend its complaint at this point.
The complainant can also drop the case at this point based on what it learns about the registrant. According to WIPO, 20% of cases are settled before a panelist is assigned to a case. (I suspect most of these are cases in which the domain owner voluntarily hands over the domain.)
The WIPO FAQ does not address a common argument made by complainants: that the domain owner acted in bad faith by using a Whois privacy service. Item 3.6 of the WIPO Overview of WIPO Panel Views on Selected UDRP Questions, Third Edition explains what panels infer from the use of a privacy or proxy service. There are plenty of legitimate uses for privacy that don’t include hiding a cybersquatter’s identity.
But with GDPR, the privacy/proxy argument is effectively dead. Whois is masked by default at most registrars now and some are using their Whois proxy services to do this. It’s not up to the registrant.
I still expect some complainants to make this argument, probably cutting-and-pasting from their argument database. But the argument is null and void.