Scenario: You are setting up a Data Warehouse on Google Cloud and plan to store sensitive data in BigQuery. Your company's policy dictates that encryption keys must be generated outside of Google Cloud. Question: What steps should you take to implement a solution that complies with this policy?