Serious dark side of GDPR regulation: In Romania an investigative journalism group - who were investigating theft of EU funds by people in highest echelons of politics - were ordered by the Data Protection Authority (the one that supervises GDPR regulation for their country) to disclose their sources.
The timing is very suspect, and there are links between the authority and the same people that are under investigation.
The GDPR expressly gives protection to the information sources of journalists, but the way this case is set up (carried by the authoritative body itself) makes it a real possibility that these do not apply. In other words, a loophole in the GDPR.
As expected this is now a hot topic on Hacker News: https://news.ycombinator.com/item?id=18416887