When you buy a domain, the registration data becomes part of a database called Whois. It stores information related to the domain, such as who owns it, its registration and expiration date, the DNS servers associated with it, etc.
With the entry into force of the General Data Protection Regulation (GDPR), the personal data of the users responsible for the domains are no longer published in the Whois. Only the registration date, the expiration date and the registrar that has it are made public. Therefore, if you are interested in contacting the owner of a domain, or if someone wanted to negotiate with you about a domain that you have, you would have to talk to the provider first so that they provide you with a contact form. Thus, the owner's personal data remains protected at all times against malicious use by third parties.