The big problem that many seem to have overloooked is that the EU cannot get at ICANN directly as ICANN doesn't (AFAIK) have an EU presence. However, all the registrars with an EU presence must abide by GDPR - and that means it would be illegal for a registrar to pass any personal data to ICANN unless ICANN abides by the rules of GDPR.
BUT, ICANN is a US based outfit and must abide by US law - which is incompatible with GDPR. That's going to be interesting once Privacy
Shield Figleaf is officially declared incompatible.