follow the example of Russian Railways - force the user to agree with the recognition of PD as publicly available.
plus if you only have a name (not a full name) - then I would try to call this case anonymized personal data, you can’t identify a person by typing a name + d.r. + mail.

To Max @MaxDukov
This item is already excluded from the rules.
Was there in May, not now.

Oh ... Well, let me tell you without details - anrial. Documentation and instructions are now, of course, quite enough. But in general, everything is built as if to suck the dough: you need N certified specialists, you need to contact only offices from the list, a lot of software and equipment, a lot of checks, and so on.
Therefore, if I started something like this, I would declare a focus on non-citizens of the Russian Federation and would be located somewhere outside the jurisdiction. And then ... A check will come on a complaint (from Ivanov I.I., in this case you don’t need to warn), it will see that you have uncertified protection against water leakage in the toilet and stop all the servers.

Everything is simple here:
1. Your main enemy is Roskomnadzor. FSTEK and FSB won't come to you, don't worry. The RKN publishes its inspection plan, and believe me, it is not so easy to get into it.
There are 2 scenarios for the development of events: 1. You get into the inspection plan. 2. An unscheduled check on the fact of the incident (PD leak, complaint of the subject of PD ...). At the same time, the RKN can come for verification after 3 years of the company's existence, unless, of course, any incident has occurred.
2. ILV does not fit into the technical part, i.e. how exactly something is configured, what tools are used and why. First of all, they check security documents (Operator's policy, instructions of those responsible, completed logs, etc.) and check the presence of the Threat Model and the technical project.
3. It is indeed possible to make PD publicly available, with the consent of the subject, but this will not allow you NOT to protect PD, at least integrity and availability will need to be ensured.
In summary, you need to:
1. Submit a notice to the RKN that you are an operator.
2. Develop a set of regime documentation in accordance with the requirements of the regulations.
3. Write documents on technical protection. Here you need to understand that the word "certification" and "attestation" are superfluous for you. On this subject, you can not worry and calmly work with a clear conscience.