Might there be a problem with not using https for the site in regard to the GDPR (May 2018!).

Since there's data stored (username, e-mail, password) and transmitted unencrypted?!