Authorities now handling it, out of my hands. I dont want my details appearing on that website so anyone who knows me can put my email addresses (past and present) to see what hacked sites or databases its appeared on.
Only if in possession of the email address or domain name.
Where an email address or domain name has been taken over by someone else, then sending the results to the email address instead of currently showing it on the webpage doesnt solve the problem. This data set is ripe for blackmailers, intelligence services and any company looking for intelligence on rival businesses.
"The regulation applies if the data controller (an organisation that collects data from EU residents), or processor (an organisation that processes data on behalf of a data controller like cloud service providers), or the data subject (person) is based in the EU. Under certain circumstances,[2] the regulation also applies to organisations based outside the EU if they collect or process personal data of individuals located inside the EU. The regulation does not apply to the processing of data by a person for a "purely personal or household activity and thus with no connection to a professional or commercial activity." (Recital 18) "
The EU laws apply to people and entities outside of the EU, he is not immune from these EU laws because he is affecting the lives of every European who has an email address in this website.
Its quite interesting putting in various peoples email addresses to see what sites they are linked to. Maybe once he has made some money out of it, a GDPR claim and financial settlement can be made as he's made no steps to control the data privacy of Europeans.