The GDPR changes a lot of data protection law, but how will it affect dumped databases of passwords?
At the moment these can be used to work out the most common passwords, and sites can use this knowledge to prevent people choosing overly common passwords.
Will this still be allowed under GDPR, as the password databases can be considered personal data, and if not would anonymising the passwords, so that they are stored without account details fix the issue, or would the passwords still be treated as personal information?