An EU delegation agent in a third country must send a confidential report containing personal data of EU citizens to the EEAS headquarters in Brussels. The report includes sensitive information about ongoing diplomatic negotiations. Considering the principles of the GDPR and EU security guidelines, what is the CORRECT procedure to ensure the protection of these data during transfer to the corporate cloud?