Spam levels are down a bit, according to various reports. Is GDPR to thank? Truth be told, Spamhaus says, that GDPR actions taken by legitimate companies sending legitimate mail might have reduced the amount of mail they send, wanted or unwanted, but those companies weren't the biggest sources of spam to begin with.
The real issue, Spamhaus says, is that GDPR is "hampering organizations from effectively stopping career cybercriminals from defrauding innocent people."
Why? Because good guys fighting the bad actors sending bad mail utilize WHOIS data to help identify and track those bad actors. The effective gutting of data in WHOIS in response to GDPR impedes that good work, as shared by John Levine.
This isn't news to me. Hiding or redacting domain ownership has long been a pain point for anti-spam and internet security folks.