What additional controls are in place to support the unauthorised access of data?

What additional controls are in place to support the unauthorised access of data? (From a Criminal Offence perspective)

Our ISO27001 accreditation shows we follow a best practice approach to mitigating unauthorised access of data.