A draft of the new ICANN Whois policy was published a few days ago. https://www.icann.org/en/system/files/files/proposed-gtld-registration-data-...
From that document:
"This Temporary Specification for gTLD Registration Data (Temporary Specification) establishes temporary requirements to allow ICANN and gTLD registry operators and registrars to continue to comply with existing ICANN contractual requirements and community-developed policies in light of the GDPR. Consistent with ICANN’s stated objective to comply with the GDPR, while maintaining the existing WHOIS system to the greatest extent possible, the Temporary Specification maintains robust collection of Registration Data (including Registrant, Administrative, and Technical contact information), but restricts most Personal Data to layered/tiered access. Users with a legitimate and proportionate purpose for accessing the non-public Personal Data will be able to request such access through Registrars and Registry Operators. Users will also maintain the ability to contact the Registrant or Administrative and Technical contacts through an anonymized email or web form. The Temporary Specification shall be implemented where required by the GDPR, while providing flexibility to Registry Operators and Registrars to choose to apply the requirements on a global basis based on implementation, commercial reasonableness and fairness considerations. The Temporary Specification applies to all registrations, without requiring Registrars to differentiate between registrations of legal and natural persons. It also covers data processing arrangements between and among ICANN, Registry Operators, Registrars, and Data Escrow Agents as necessary for compliance with the GDPR."