GDPR Art. 22 automated decision-making: how do you document meaningful human review in production?
We operate a credit-scoring API that feeds into a loan approval workflow. The model output is a score; a threshold determines auto-approval vs manual review. Under GDPR Art. 22, we need to ensure data subjects have the right to obtain "meaningful human review" of automated decisions.

Our current setup: borderline cases (score within ±5 of threshold) are routed to a human reviewer. But auditors have flagged that reviewers spend an average of 8 seconds per case and almost never override the model. This is arguably not "meaningful" review.

What we've considered:

- Mandatory cooling-off period before human review (forces independent assessment)
- Blinding the reviewer to the model's score (they see raw features only)
- Documenting the review rationale as a structured form (not just approve/reject)

How are teams operationalizing "meaningful human review" in high-volume production systems without grinding throughput to a halt? What documentation satisfies DPA auditors in DE/AT?

Jurisdiction: EU, DE