I'll read "data which needs no security" as meaning "public data", which is signed, and encoded along the signature in the QR-Code.
Anyone can put a QR code that contains the original public data and signature on any document. That will pass verification against the original public key, with the original public data recovered by the scanner. A photocopy or a sharp photo shown by a smartphone will typically do¹ (that's often a feature).
Digital signature prevents alteration (not duplication) of the data that's signed. More in detail: The standard definition of a secure signature scheme is Existential UnForgeability under Chosen Message Attack [EUF-CMA]. In essence, it says that adversaries given the public key, and message/signature pairs (including for messages of their choice), can not produce a valid signature for any other message. That implies an attacker (assumed lacking private key and signing device) can not both pass verification against the original public key, and alter the public data recovered by the scanner. It does not prevent an adversary from submitting the original data and signature, which will pass a signature check.
We can't avoid cloning a 2D code. Other technologies like Smart Cards, or some more advanced paper-based technologies², can prevent cloning.
¹ Also, with practically all readers, the QR-code can be visually different, including significantly larger or smaller, another color, rotated, partially changed, and with slightly less or much more pixels by changing parameters of the encoding. With some readers it's also possible to mirror, invert contrast, or change from QR-code to another 2D code such as Aztec, DataMatrix, PDF417.
² It has been proposed to encode in the signed QR-code some hard-to-exactly-reproduce characteristic of the paper, and reject the QR-code if there's no match on verification.
