Case Study: The Francis Crick Institute achieves GDPR compliance and rapid sensitive-data discovery with Rubrik Sonar

Francis Crick Institute Uses Rubrik Sonar to Manage Sensitive Data Risk and GDPR Compliance

The Francis Crick Institute, a London biomedical research center with more than 1,500 scientists and staff and partnerships across leading universities and research organizations, needed to get control of sensitive personally identifiable information (PII) after GDPR raised compliance requirements. Their IT team relied on slow, manual processes and lacked global visibility across hundreds of servers, creating blind spots and the risk that PII could be exposed in unauthorized locations (for example, thousands of documents left in a web server upload folder).

They deployed Rubrik Sonar to scan existing backup data using pre-defined templates and analyzers for UK PII, giving automated, centralized discovery and pinpointed file-level visibility without impacting production systems. Sonar identified over 50,000 at-risk files, enabled audit reporting via a single dashboard, reduced search times from hours or weeks to minutes, and helped the institute remediate unauthorized repositories to minimize exposure.

The Francis Crick Institute

Gareth Butler

Senior Infrastructure Architect