How did your team operationalize GDPR Art. 22 automated-decision notifications at scale?
We're implementing the notification obligations under Art. 22 GDPR for an ML-based credit scoring system. The regulation requires meaningful information about the logic involved, significance, and envisaged consequences — but translating model internals into user-facing explanations at scale is proving difficult.

What I'd like to hear from teams who've been through this:

- How do you balance transparency with IP protection when explaining model features to data subjects?
- Are you using SHAP/LIME explanations directly in production notifications, or do you maintain a separate explanation layer?
- How do you handle the "right to obtain human intervention" in practice — is it a manual review queue, or have you built an escalation workflow?
- Did your DPA provide any guidance on what constitutes 'meaningful information' beyond the regulation text?

Jurisdiction: EU, DE
Framework: GDPR Art. 22, supplemented by EU AI Act risk classification for high-risk systems.

We treat this as a compliance engineering problem, not a legal interpretation request — looking for operational experience, not legal opinions.