Home / Understanding PECR compliance for marketing in the leisure sector
7th July 2026
Laura Crowe, Senior Associate
Leisure businesses often collect a large amount of customer information, such as booking history, loyalty scheme details, customer preferences, attendance or travel information, and website and app activity. While this information can help businesses offer relevant promotions, simply having customer data does not automatically give permission to send marketing messages.
However, there are rules around how businesses can use people’s contact details. The Privacy and Electronic Communications Regulations (PECR), alongside UK GDPR, set out what organisations must do when sending marketing messages.
Businesses should make sure they:
Obtain consent – freely given, specific, informed, and unambiguous. Customers must clearly agree to receive marketing communications. Businesses should keep records showing when and how that permission was given.
Use the “soft opt-in” correctly – in some situations, businesses can market to existing customers without explicit consent. However, this only applies if:
Make it easy to unsubscribe – customers should be able to stop marketing messages easily, and businesses should act on those requests promptly.
The Information Commissioner’s Office (ICO) is increasingly focusing on whether businesses can prove they are following the rules.
The ICO recently fined food delivery company HelloFresh £140,000 for a campaign of 79 million spam emails and 1 million spam texts over a seven-month period.
The marketing messages were sent based on an opt-in statement which did not make any reference to the sending of marketing via text, and which was also bundled with an age confirmation statement which was likely to unfairly incentivise customers to agree. Customers were also not given sufficient information that their data would continue to be used for marketing purposes for up to 24 months after cancelling their subscriptions.
Compliance with the Privacy and Electronic Communications Regulations (PECR) is becoming increasingly important for leisure operators. Failure to comply can result in regulatory investigations, significant financial penalties, reputational damage, and a loss of customer trust. At the same time, customers are more aware than ever of how their personal data is used and increasingly expect organisations to respect their marketing preferences.
Recent reforms introduced through the Data (Use and Access) Act 2025 have strengthened PECR’s enforcement framework and clarified aspects of direct marketing regulation. These changes reflect a broader regulatory shift towards supporting responsible data use and innovation while taking a firmer approach to unwanted marketing practices.
As a result, PECR should no longer be viewed as a niche compliance requirement. It is now a key consideration for managing regulatory risk, avoiding financial penalties, maintaining customer trust, and protecting brand reputation.
Businesses invest heavily in customer experience, yet this can quickly be undermined and customers can quickly become frustrated by:
PECR reflects what customers already expect: transparency, choice, and respect.
Being transparent and giving customers genuine choice not only helps with compliance but can also improve customer loyalty and brand reputation.
In today’s leisure sector, marketing success is not measured by how many messages are sent, but by how well organisations earn and maintain customer trust. Businesses that respect customer choices, communicate transparently and lawfully will build and maintain stronger relationships to support sustainable growth. In a crowded and competitive market, putting customers first is not just a compliance requirement; it is a genuine commercial advantage.