An EU Commission official, assigned to a Common Foreign and Security Policy (CFSP) mission abroad, must urgently transfer a 2 GB file containing personal data of EU citizens to an external cloud server managed by a third-country service provider. The official is aware that, according to the General Data Protection Regulation (GDPR), data transfers outside of the EU/EEA are strictly regulated. What is the legally correct procedure that this official must follow to ensure compliance before initiating the transfer, assuming no adequacy decision has been made for the destination country?