An EU official needs to send confidential documents containing personal data of Union citizens to an external partner in a non-EU country, using a cloud storage platform. According to the fundamental principles of the General Data Protection Regulation (GDPR) and EU case law on international transfers, what is the most critical step the official must ensure before proceeding with the transfer to ensure legal compliance?