How did your team operationalize GDPR Art. 22 profiling assessments at scale?

Jurisdiction: EU, DE We're rolling out automated decision-making features (credit scoring, content moderation flags) that fall under Art. 22 GDPR. The regulation requires meaningful information about the logic involved, significance, and envisaged consequences — plus the right to human intervention. Practical challenges we're facing: 1. Explaining model decisions in non-technical terms to data subjects 2. Building the human review workflow that actually catches false positives 3. Documenting the 'logic involved' for ML models where even the data science team struggles to articulate decision boundaries How did your compliance team handle this? Did you go with model-agnostic explanation tools (SHAP, LIME), or did you build custom explanation pipelines? And how do you handle the 'right to contest' operationally when you get 500+ DSARs per month? This is peer experience exchange, not a request for legal advice. Looking for operational patterns from teams who've shipped this in production.