If the TLD authority on the Island is offering a good/service to an EU person, even if they are outside the EU, they will need to protect that data in the way that the GDPR specifies. So they can either decide to not publicize that info for EU persons (based on address?), or not publish any natural person's data.
But let's say they didn't want to. No consequences, right? Not quite... the .im authority allows EU businesses (domain registrars) to register domain names (for example, I can go to transip.nl and register a .im domain name). TransIP has to comply with the GDPR. If TransIP collects my information to pass it outside the EU, they need to be certain that the organization they provide it to is also GDPR compliant. If they don't have those assurances, they can't give them the info. So not being GDPR compliant is not great for the .im revenue stream.
Finally, I have no clue about the legal regime on the Isle of Man. If I were them, I would probably try to sync up a lot of my laws with the UK (and thus EU, for now) laws. So my guess is they have some sort of data protection act, and that it's in line with the GDPR (or will be very soon).
But let's say they didn't want to. No consequences, right? Not quite... the .im authority allows EU businesses (domain registrars) to register domain names (for example, I can go to transip.nl and register a .im domain name). TransIP has to comply with the GDPR. If TransIP collects my information to pass it outside the EU, they need to be certain that the organization they provide it to is also GDPR compliant. If they don't have those assurances, they can't give them the info. So not being GDPR compliant is not great for the .im revenue stream.
Finally, I have no clue about the legal regime on the Isle of Man. If I were them, I would probably try to sync up a lot of my laws with the UK (and thus EU, for now) laws. So my guess is they have some sort of data protection act, and that it's in line with the GDPR (or will be very soon).