Heh, no idea what GDPR has to do with password protected attachments but this reminds me of a nifty customer that decided that NextCloud or KeePass files are way too complicated and simply dropped me required data in my HOME folder on the brand new server I was supposed to configure next day anyway. This I could access with my very own ssh key generated just for this purpose the day before. I had to admire the simplicity – and I needed that data on this server anyway 😀
Also auto-complete is a PITA on occasion. Looking at you Firefox.