The Rule
GDPR Article 22: data subjects have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects. Exceptions: contract necessity, explicit consent, authorized by law.
CRM Relevance
Automated lead scoring affecting service level. AI decisioning on customer routing. Agent auto-close of cases affecting customer rights. These trigger Article 22 when consequential.
Compliance Patterns
Meaningful human review as default. Right to explanation (describe the logic, not disclose the model). Right to contest and obtain human review. Clear disclosure that automated decisions occur.
Intersection with AI Act
AI Act’s high-risk categories overlap with Article 22 scenarios. Compliance efforts compound — one integrated program covers both. Separating them creates duplicated work and policy gaps.