A digital officer in the European External Action Service (EEAS) is tasked with coordinating a secure, cross-border data exchange with a third-country partner for a new diplomatic mission. The mission involves processing sensitive personal data of EU citizens and local contacts. Under the EU's regulatory framework for external action and digital security, which of the following actions best ensures compliance with the core principles of data protection while maintaining operational security? A) Transferring the data to a cloud server located in a third country without a Data Protection Impact Assessment (DPIA) because the mission is urgent. B) Relying solely on a verbal agreement with the third-country partner to guarantee data security, as formal contracts are too slow for diplomatic operations. C) Ensuring that the data transfer is governed by an adequacy decision, appropriate safeguards (such as Standard Contractual Clauses), or a binding corporate rule, alongside a DPIA for high-risk processing. D) Anonymizing all data before transfer to the third country, regardless of the data's sensitivity or the operational need to identify specific individuals for diplomatic negotiations. E) Processing all personal data within the EU and refusing to share any information with the third-country partner to avoid any potential legal risks, even if it hinders the mission's effectiveness.