Understanding PECR compliance for marketing in the leisure sector

7th July 2026

Laura Crowe, Senior Associate

Marketing is essential for leisure businesses. Whether it is promoting hotel offers, theatre tickets, gym memberships or visitor attractions, email and text marketing can be an effective way to attract customers and increase sales.

Leisure businesses often collect a large amount of customer information, such as booking history, loyalty scheme details, customer preferences, attendance or travel information, and website and app activity. While this information can help businesses offer relevant promotions, simply having customer data does not automatically give permission to send marketing messages.

However, there are rules around how businesses can use people’s contact details. The Privacy and Electronic Communications Regulations (PECR), alongside UK GDPR, set out what organisations must do when sending marketing messages.

Understanding PECR and GDPR rules for marketing communications

Businesses should make sure they:

Obtain consent –  freely given, specific, informed, and unambiguous. Customers must clearly agree to receive marketing communications. Businesses should keep records showing when and how that permission was given.

Use the “soft opt-in” correctly – in some situations, businesses can market to existing customers without explicit consent. However, this only applies if:

  • The customer provided their details when making, or considering, a purchase.
  • The marketing relates to similar products or services.
  • The customer was given the opportunity to opt out when their details were collected and in every marketing message afterwards.

Make it easy to unsubscribe – customers should be able to stop marketing messages easily, and businesses should act on those requests promptly.

ICO enforcement and what regulators are looking at

The Information Commissioner’s Office (ICO) is increasingly focusing on whether businesses can prove they are following the rules.

The ICO recently fined food delivery company HelloFresh £140,000 for a campaign of 79 million spam emails and 1 million spam texts over a seven-month period.

The marketing messages were sent based on an opt-in statement which did not make any reference to the sending of marketing via text, and which was also bundled with an age confirmation statement which was likely to unfairly incentivise customers to agree. Customers were also not given sufficient information that their data would continue to be used for marketing purposes for up to 24 months after cancelling their subscriptions.

Compliance lessons
  1. Make consent wording clear and easy to understand.
  2. Avoid combining different permissions into one consent request.
  3. Review older customer databases rather than assuming existing permissions are valid.
  4. Keep accurate marketing records.

Why PECR compliance matters for leisure operators

Compliance with the Privacy and Electronic Communications Regulations (PECR) is becoming increasingly important for leisure operators. Failure to comply can result in regulatory investigations, significant financial penalties, reputational damage, and a loss of customer trust. At the same time, customers are more aware than ever of how their personal data is used and increasingly expect organisations to respect their marketing preferences.

Recent reforms introduced through the Data (Use and Access) Act 2025 have strengthened PECR’s enforcement framework and clarified aspects of direct marketing regulation. These changes reflect a broader regulatory shift towards supporting responsible data use and innovation while taking a firmer approach to unwanted marketing practices.

As a result, PECR should no longer be viewed as a niche compliance requirement. It is now a key consideration for managing regulatory risk, avoiding financial penalties, maintaining customer trust, and protecting brand reputation.

Building customer trust through transparent marketing

Businesses invest heavily in customer experience, yet this can quickly be undermined and customers can quickly become frustrated by:

  • Too many marketing messages
  • Unclear requests for consent
  • Difficult unsubscribe processes
  • Continuing to receive marketing after opting out

PECR reflects what customers already expect: transparency, choice, and respect.

Being transparent and giving customers genuine choice not only helps with compliance but can also improve customer loyalty and brand reputation.

A direct marketing checklist for email and SMS communications

  • Can we show when and how customers agreed to receive marketing?
  • Are our email and text marketing permissions clearly explained?
  • Are we using the soft opt-in rules correctly?
  • Does every marketing message include an easy way to unsubscribe?
  • Are our opt-out and suppression lists up to date?
  • Have we reviewed older customer databases recently?
  • Are any third parties collecting marketing permissions correctly on our behalf?
  • Could we demonstrate compliance if the ICO asked us to?

In today’s leisure sector, marketing success is not measured by how many messages are sent, but by how well organisations earn and maintain customer trust. Businesses that respect customer choices, communicate transparently and lawfully will build and maintain stronger relationships to support sustainable growth. In a crowded and competitive market, putting customers first is not just a compliance requirement; it is a genuine commercial advantage.

If you would like advice on PECR, marketing consent, or reviewing your marketing practices, our Commercial team can help. Contact us on 0161 832 3434, or email us at [email protected].
Kuits FSQS registered
Kuits good employment supporter