As Turkey's capital, Ankara hosts the majority of the country's ministries, directorates-general, public hospitals, universities and local governments. The daily operations of these institutions run on corporate servers, RAID storage arrays, databases and electronic document management systems. The moment a disk fails, a RAID array collapses, ransomware strikes or data is accidentally deleted, a service affecting thousands of citizens can grind to a halt. This article explains, honestly and professionally, the correct steps to take when a public institution loses data, the obligations under KVKK (Turkey's data protection law) and public data security, the requirements for confidentiality and auditability, and how the corporate process and invoicing work.

Quick Answer

When a public institution loses data, immediately power down the affected system safely. Do not restart the server, do not rebuild the RAID array and absolutely do not format the disk. Unauthorized intervention can permanently destroy recoverable data. Within the framework of KVKK and corporate confidentiality, engage a professional laboratory that signs an NDA, using an auditable and documented handover process. Diagnosis comes first, then approved recovery.

Critical Data Types in Public Institutions

Lost data in a government office is rarely a single user's file. It is records that directly affect the continuity of public service, concern large numbers of people and are legally required to be retained. The critical data types we most often encounter in corporate environments are:

Corporate Servers and RAID Storage

Public data centers contain file servers, virtualization hosts and storage arrays configured as RAID 1, RAID 5, RAID 6 or RAID 10. The simultaneous failure of multiple disks, a controller card failure or an incorrect disk swap can make an entire array inaccessible.

Databases (SQL and Oracle)

Personnel, accounting, appointment, procurement and citizen service records are usually kept in Microsoft SQL Server, Oracle or PostgreSQL databases. Corrupted database files (MDF, LDF, DBF), damaged tablespaces or incomplete backups cause serious service interruptions.

EBYS and Document Archives

The Electronic Document Management System (EBYS) is the digital backbone of official correspondence, approvals and document flow. Damage to the EBYS database or document repository can stop both internal and inter-agency correspondence.

Personnel, Citizen and Project Records

Personnel files, citizen application and service records, project files and tender documents are both critical and sensitive because they contain personal data. Losing this data can have not only operational but also legal consequences.

Backup Systems

Backup devices (NAS, tape libraries, backup disks) are often the last line of defense. A silently failing backup job, corrupted backup sets or misconfigured rotation can turn into a disaster at the moment of recovery.

Typical Data Loss Scenarios in Public Institutions

The table below summarizes the most common loss scenarios we see in public institutions, their likely causes and what to do first:

Scenario Likely Cause First Action
RAID / server collapse Multiple disk failure, controller fault, wrong disk swap Power down, do not rebuild, do not disturb disk order
Ransomware Encryption attack, lateral spread over the network Disconnect from network, power down, notify USOM, protect backups
Accidental deletion Human error, faulty script, format Stop all writes, do not touch the disk
Corrupt database Sudden shutdown, file corruption, partial write Stop running the database, preserve MDF/LDF files
Failed backup Silent error, corrupt set, faulty rotation Keep all existing media, do not overwrite

These scenarios share one thing in common: unauthorized or hasty intervention can permanently destroy recoverable data. The most valuable step is to break nothing in the first minutes.

KVKK and Public Data Security

Public institutions act as data controllers under Turkey's Law No. 6698 on the Protection of Personal Data (KVKK). The processing, storage and sharing of personal data belonging to citizens and personnel are subject to strict rules. The data recovery process is no exception to this framework.

When working with a data recovery laboratory, the institution must be certain that data will be processed only for recovery purposes, for a limited time and under a confidentiality commitment. For this reason, the chosen laboratory is expected to sign a non-disclosure agreement (NDA), never remove data from the institution without authorization and securely destroy residual data when the work is complete. From an information security management perspective, working principles aligned with the ISO/IEC 27001 standard make this trust concrete.

An important note on honesty: this service is intended for the recovery of standard administrative and corporate data. Systems classified as state secrets or carrying special security grades are subject to their own closed procedures, and for such systems the institution's own authorized units and official channels are essential. DSET does not claim to handle classified or state-secret systems; it focuses on recovering administrative, operational and corporate data confidentially and in compliance with regulations.

Confidentiality, Auditability and Chain of Custody

In public procurement and sensitive data processing, the most frequently asked question is trust: Whose hands did our data pass through, where was it stored, who accessed it? A professional data recovery process must be able to answer these questions with documentation.

Chain of Custody

Every stage, from the moment the media is received to the moment it is returned, is recorded. The handover record, serial number, physical condition assessment, lab entry and exit times, which technician intervened and the operations performed are all documented. This approach aligns with the spirit of digital evidence handling guidelines such as ISO/IEC 27037 and ensures that the process is auditable.

Access Control and Isolated Work

Sensitive public data is processed in an isolated environment accessed only by a limited number of authorized personnel. Recovered data is delivered in an encrypted medium approved by the institution. When the work is complete, residual data is destroyed using secure erasure methods in line with the institution's instructions, and this destruction is also recorded.

Transparent Reporting

At the end of the process, the institution receives a technical report describing which data was recovered, the recovery rate and the steps applied. This report provides a concrete basis for the institution's internal audit and regulatory obligations.

Corporate Process and Invoicing

Working with public institutions requires a different discipline from individual customers. DSET adopts a way of working suited to corporate and public procurement processes:

  • Free diagnosis first: the media is examined in the laboratory and the likelihood and scope of recovery are determined.
  • Written quote and approval: the institution receives a written offer covering scope, time and cost. No paid work begins without approval.
  • Corporate invoicing: the work is documented with an official invoice aligned with the institution's accounting and procurement processes.
  • Tender and public procurement compliance: offers and documents can be prepared in line with public procurement procedures.
  • Result-based trust: if no data is recovered, no recovery fee is charged. This supports the efficient use of public resources.

Business Continuity and Reducing Service Interruptions

A data loss in a public institution often means an interruption of the service provided to citizens. That is why data recovery is not merely a technical operation but a matter of business continuity. The right approach rests on three principles.

First, do not make the damage worse. Panicked rebuilds, formats or repeated restart attempts turn recoverable data into permanent loss. Second, fast and accurate diagnosis. The sooner and more accurately the state of the media is understood, the faster the service can be brought back online. Third, post-recovery resilience. Once recovery is complete, reviewing the backup strategy and preventing a recurrence of a similar incident is recommended.

The Ankara Capital Advantage: On-Site and Fast Service

Ankara is Turkey's administrative center. It is a capital where ministries, their affiliated and related institutions, metropolitan and district municipalities, public universities and major public hospitals are densely concentrated. This concentration makes the advantage of a data recovery laboratory located in the capital uniquely strong for public institutions.

DSET has operated from its laboratory in Hacettepe Teknokent Beytepe since 2003. For a public institution within Ankara, this means critical media reaching the laboratory within hours, secure delivery via pickup service when needed, and clarification of the confidentiality framework through face-to-face meetings. Considering the density of ministries and directorates around Cankaya, Yenimahalle, Kizilay, Sihhiye, Bahcelievler and their surroundings, in-capital proximity is a tangible gain in both time and confidentiality.

Another advantage of being located in the capital is the auditable, in-person handover and return process. The institution's representative can verify on-site how the media is physically stored and under what conditions it is processed. This is a layer of trust that is not always possible with remote courier processes.

For more about our general data recovery approach in Ankara, see our Ankara data recovery guide. For the server and array failures most common in public institutions, our Ankara RAID and server data recovery article covers the technical details. To learn what to watch for when choosing the right laboratory, see our how to choose a data recovery center content.

Frequently Asked Questions (FAQ)

How is the confidentiality and KVKK compliance of our corporate data ensured?

Before work begins, a non-disclosure agreement (NDA) is signed. Data is processed only for recovery, by a limited number of authorized personnel, in an isolated environment. Under the KVKK framework, your data is never removed from the institution without authorization and is securely destroyed at the end of the work according to the institution's instructions.

Is the process auditable, and are records kept?

Yes. A chain of custody is recorded from the receipt of the media to its return. A handover record, serial number, list of steps and a technical results report are provided. These documents can be used for your internal audit and regulatory obligations.

Do you work in a way compatible with corporate invoicing and tender processes?

Yes. A written quote is provided before any work, no paid work begins without approval, and the result is documented with an official corporate invoice. Offers and documents can be prepared in line with public procurement procedures.

Can data be recovered after a ransomware attack?

In most cases partial or full recovery may be possible, but it cannot be guaranteed. When an attack is detected, it is critical to disconnect the device from the network and power it down, avoid overwriting and report the incident to USOM / TR-CERT. Previous backups and encrypted disks must be preserved, and no media should be erased.

How long does the recovery take?

The duration varies with the type of failure and the volume of data. Initial diagnosis is usually completed quickly, and you are informed of the recovery likelihood and estimated time. For critical public services, an accelerated work plan that prioritizes business continuity can be arranged.

About DSET

DSET has served from Ankara Hacettepe Teknokent Beytepe since 2003. Our success rate in data recovery is 99.4 percent. The first diagnosis is free, and if no data is recovered, no fee is charged. We work with confidentiality, auditability and corporate invoicing processes tailored to public institutions.

Phone: +90 536 662 38 09

Sources