An EU Delegation agent in a third country must send a confidential report containing personal data of EU citizens to their central office in Brussels using a public cloud platform. According to the EU's data protection principles and digital security best practices, what is the most critical action the agent should take before transferring the data to ensure its security?