A European Commission official is preparing a confidential report on an External Policy and Security Common (EPSO) mission managed by the European External Action Service (EEAS). The report contains personal data of diplomats and citizens from third countries that will be shared with international partners through a public cloud platform. Before proceeding, the official must ensure strict compliance with the General Data Protection Regulation (GDPR) and the EEAS security guidelines. Which of the following data protection measures is the MOST critical and specific to guaranteeing the confidentiality and integrity of the data during this international cross-border exchange?