No, GDPR is not only for online data. The GDPR applies to personal data that’s processed one of two ways: electronically or manually using a paper-based filing system.
Users’ rights to access their personal data also applies to paper-based documents, which means businesses are required to give users any stored hard copies of their data in the event of an access request.
