A staff member of the EU Delegation in a third country must implement a new cloud collaboration tool to manage sensitive data from the Common Security and Defence Policy (CSDP). The tool allows remote access from personal devices (BYOD) and uses AI algorithms to automatically classify documents. Before proceeding, the staff member must verify compliance with the EU legal framework. According to the fundamental principles of data protection of the European Union (GDPR) and the information security obligations for EU institutions, what is the CRITICAL security measure that must be implemented PRIORITARILY to ensure the integrity of the CSDP data and legal compliance, considering that the tool uses third-party cloud providers?