More stringent protection for the layman was to be expected following the cyber-attack of the NHS but is fining firms really the best way to protect the customer?