An EU official in charge of foreign policy must manage a diplomatic crisis that requires the secure transmission of sensitive confidential documents between EU offices across different continents. The official must strictly comply with the General Data Protection Regulation (GDPR) and EU cybersecurity guidelines, ensuring that personal data processed under the Common Foreign and Security Policy (CFSP) does not suffer a security breach. Considering the principles of 'privacy by design and by default' and the security requirements for data processing in the cloud, what is the MOST appropriate and legally compliant technical and organizational measure under EU law to guarantee the confidentiality and integrity of this sensitive data during its transmission and storage in a third-party cloud computing environment?