No, GDPR is not only for online data. The GDPR applies to personal data that’s processed one of two ways: electronically or manually using a paper-based filing system.
Users’ rights to access their personal data also applies to paper-based documents, which means businesses are required to give users any stored hard copies of their data in the event of an access request.
To achieve GDPR compliance, you must honor users’ requests to access, update, or delete their personal data, whether it’s electronically or physically stored.
Trusted by thousands of companies worldwide, Termly’s intuitive software generates legal policies and handles consent management for any business in minutes.
Termly allows our users to focus more on their business instead of spending countless hours figuring out data privacy compliance. - Jona, Senior Product Manager @ Termly