Operationalizing GDPR Art. 22: how do you document meaningful human review?

We're implementing a credit-scoring pipeline that flags borderline cases for manual review. The legal team is rightfully concerned about Art. 22 (automated individual decision-making) — they want evidence that the human review is genuine, not just rubber-stamping. How did your team operationalize the 'meaningful human review' requirement? Specific challenges: - Reviewers don't have time to re-analyze every case from scratch - Audit trail needs to show what the human actually considered, not just 'approved' - The model's confidence score is visible to reviewers — does that create bias? Jurisdiction: EU/DE. Framework: GDPR Art. 22, supplemented by BfDI guidance. Looking for peer experience on audit-ready documentation patterns.