A high-ranking EU official must transfer confidential documents to a delegation abroad using a public cloud storage platform. The official knows that the platform guarantees that data at rest is encrypted and that the provider has signed a service level agreement (SLA). However, the official must ensure strict compliance with the General Data Protection Regulation (GDPR) and the EU’s security guidelines for cloud data processing. Considering the fundamental principles of the GDPR and the responsibility of the data controller, which of the following actions is the MOST critical that the official must verify before making the transfer to ensure the legality of the processing of personal data in this cloud computing scenario?