Computer networks
IrkDesigner, 2013-01-31 12:36:44

Who is the person responsible for the processing of PD and what are his duties?

Good afternoon, dear Khabravchans!
I received a letter from Roskomnadzor with a request to indicate the individual or legal entity responsible for the processing of personal data in the organization. In this regard, the question arose: who to appoint? Human Resources Officer, Lawyer, or IT Specialist? What are the duties of this person? How is it implemented in your companies?

4 answer(s)
Sergey, 2013-01-31
@IrkDesigner

One who is appointed by internal order. This order is shown to Roskomnadzor. It could be anyone, someone from the legal department or security or whatever. This question is decided by the PD operator himself.

nikodim, 2013-01-31
@nikodim

In theory, any employee of the organization is appointed. The main thing is to include these functions in his job responsibilities.
In practice: usually the topic of PD is assigned to information security (technical protection, organizational issues), less often to personnel officers and lawyers. In large offices, for these purposes, they can allocate a whole unit, the head of which is the person you are looking for. (by the way, Russian Standard now has vacancies for PD protection specialists, they will be checked in the fall =))
In smaller offices where PD was attached to IS, the person who is best at rummaging in the law, by-laws and information protection is appointed. So it was with me =).
The role of such a person in the organization is essentially a Project Manager. He drives IT, and lawyers, and personnel officers, forms and maintains internal regulatory documentation on PD, conducts internal audits for compliance with the requirements of the law, and so on. There are many concerns.

ansv, 2013-02-01
@ansv

Taking into account the fact that the words “organize” and “exercise control” appear in Article 22.1, I would think about appointing the head of the information security department or personnel to this role. There is not as much turnover among the management as among ordinary personnel, and it’s somehow more customary for them to put signatures.
In small organizations, everything depends on the place of the security officer in the structure - if he is a rather technical specialist, then I would push all this bureaucracy into personnel or the office (for appeals). If the IS specialist is a jack of all trades and the load allows, then you can use him.

kimssster, 2013-02-03
@kimssster

In practice, an OK employee (head) will never voluntarily agree to be responsible for the PD, although from the point of view of non-technical issues, these are his immediate duties. On the good side, for the absence of “disagreements” between departments and the solution of the questions “Who is in charge here”, the OPDN should be appointed deputy head of the organization on PM issues, because not everywhere there are deputies for information security. It is not logical and incorrect to appoint an employee-engineer of the information security department from the point of view of Article 22.1, where there are the words “organize” and “exercise control”, unless, of course, there are such functions in the regulation on the information security department.
