As part of your work in the EU Digital Public Administration, an official must process large volumes of European citizens' data in a cloud computing environment for an awareness campaign. To ensure compliance with the General Data Protection Regulation (GDPR) and security principles, which of the following actions is most appropriate to ensure that personal data is not exposed to unauthorized access during the process?