You work in an EU delegation in a third-country. The delegation has implemented a new digital document management system to coordinate missions of the Common Security and Defence Policy (CSDP). The system stores personal data of third-country citizens and local employees. During a security audit, you identify that the system allows any delegation user to access these sensitive data without robust authentication or detailed audit logs, based on the premise of 'total coordination requires total access'. Additionally, the system does not use encryption for sensitive data. According to applicable digital security and data protection principles in EU external action and institutional cyber security best practices, what is the most critical and appropriate immediate action you should take?