The Cyprus law that implemented GDPR is Law For the Protection of Natural Persons against Processing of Personal Data and the Free Movement of Data (2018) (Επεξεργασίας των Δεδομένων Προσωπικού Χαρακτήρα και της Ελεύθερης Κυκλοφορίας των Δεδομένων αυτών Νόμος του 2018) is applied to the controller that is actually established in Cyprus and also for the controllers that are outside of Union and the Economic Area of the European Union who are using the automatic methods for the processing of the personal data.
The law actually gives the data subjects the basic information that is important for properly processing their data and for making the proper decisions. The individuals that are not having the right access for the personal data are allowed to access by writing the requests to the controllers. The controller is able to charge around 17 euros for the requests.
F. Boehm, ‘Assessing The New Instruments In EU-US Data Protection Law For Law Enforcement And Surveillance Purposes’ (2016) 2 European Data Protection Law Review.