A European Commission official is managing a diplomatic mission abroad that requires the intensive use of cloud computing tools to share sensitive documents with other EU delegations and member state ministries. During an internal cybersecurity audit, it is identified that the current system uses a weak encryption protocol and lacks robust multi-factor authentication (MFA) mechanisms for remote access. Additionally, it is observed that personal data of third-country citizens are being stored on servers that do not meet the EU's data sovereignty requirements. Considering digital security principles, the General Data Protection Regulation (GDPR), and the European Commission's cybersecurity guidelines, what is the most comprehensive and mandatory corrective action to mitigate the identified risks without disrupting the mission?