WHOIS the protocol is not the problem, it is the data it is used to publish. Then GDPR-related mitigations required would be the same whether you are publishing with WHOIS, RDAP or something else.
Also, ARIN only has allocations made in North America.
Plus, ARIN only covers North American allocations.
