An official of the European Union Delegation in a third country must use a generative artificial intelligence tool to draft a report on human rights. The report will be based on sensitive data of EU citizens collected by the Delegation. According to the EU digital trust framework, what is the most critical action the official must take before entering any personal data into the tool, to ensure compliance with GDPR principles and information security?