An EU official, acting within the framework of the Common Foreign and Security Policy (CFSP) under the coordination of the European External Action Service (EEAS), must transfer a set of confidential data containing sensitive personal information of third-country nationals to a cloud server of an external provider. The objective is to facilitate collaboration in a crisis diplomatic mission. According to the principles of the General Data Protection Regulation (GDPR) and the EU's cybersecurity guidelines, what is the CORRECT and most robust procedure to ensure legal compliance and data security during this transfer?