Hi Carsten,
First of all I wanted to thank you for the time you took in looking into this proposal. It’s exactly with clarification questions like yours that I believe the proposal can progress in the (hopefully) best direction for all.
In this proposal we assume as “Internet number resources” widely, as all those organisations which hold Internet number resources - and whose information (apart from the legal address) are already appearing in the database. In principle we are mainly talking about companies, not individuals (and for those, we can safely assume that the special protection granted by the provisions of the GDPR have precedence on any other consideration).
This policy should also be applicable to legacy holders, in the circumstance where there exist a contractual relationship with the RIPE NCC. Slightly different is the case for LIRs, for which this proposal merely recommends and encourages the publication of the legal address of the customers having an administrative relation.