As an EU official assigned to an international cooperation mission, you are managing a cloud project that involves the processing of sensitive personal data from citizens of third countries. According to the EU's security and data protection framework (specifically, the General Data Protection Regulation, GDPR), which of the following actions ensures compliance with the fundamental principles of 'data minimization' and 'purpose limitation' when transferring information to an external cloud service provider?