Soft Opt‑In Email Marketing: Using It Legally in Britain

Alex Solo
byAlex Solo9 min read
Digital Marketing & AdvertisingRegulatory ComplianceData & Privacy
Contents

Building an engaged email list is a powerful way to grow your small business or startup in the UK. But if you’ve ever looked into sending marketing emails, you’ll know there are plenty of privacy rules to follow - and when it comes to consent, things can get confusing fast.

That’s where “soft opt-in” comes in. If you already have a relationship with your customers, you may be able to lawfully send certain marketing emails, even if they haven’t ticked a specific consent box.

So what exactly is the soft opt-in, when can you use it for your marketing campaigns, and what do you need to watch out for? In this guide, we’ll walk you through the essentials - in plain English. If you want to harness marketing soft tactics legally and avoid privacy pitfalls, keep reading.

What Is “Soft Opt-In” In UK Email Marketing?

When you think about marketing consent, you probably imagine lengthy checkboxes and clear permissions. Normally, if you want to email an individual in Britain with marketing (think special offers, newsletters, product launches), you need their explicit opt-in consent.

But UK law carves out a very specific exception known as the soft opt-in. This allows you to market by email or text to your existing customers under certain conditions - even if they haven’t formally “opted in” to marketing.

The rules for email and text marketing come from the Privacy and Electronic Communications Regulations (PECR). The soft opt-in exemption recognises that, if someone bought from your business before, it’s reasonable to let you notify them about similar products and deals, provided you do so respectfully and with privacy rights front of mind.

Soft opt-in exists because PECR (which sits alongside the UK GDPR and Data Protection Act 2018) says you can lawfully send direct marketing messages to individuals without explicit prior consent if certain clear conditions are met.

It’s a practical recognition of real-world customer relationships. But it is strictly limited - it’s not a general loophole for mass marketing. Every step must be handled by the book or you could end up breaching UK privacy law.

You can review the ICO guidance and relevant sections of PECR if you’d like more official detail, but here’s what every UK business should know in plain language:

When Can You Use Soft Opt-In? The Key Conditions Explained

To rely on the soft opt-in, all of the following conditions must be met for each recipient:

  • You collected the individual’s contact details during a sale (or steps toward a sale) of your products or services. It could be an actual purchase, or a negotiation (such as a quote, booking enquiry, or test drive).
  • You’re marketing your own similar products or services. The rule only covers messages about items similar to what the customer has already bought (or negotiated over) from your business. No cross-promotion or third-party offers.
  • The customer had a clear chance to refuse (“opt out”) of email marketing, both:
    • At the time you first collected their details
    • In every subsequent marketing message

Let’s break those down a bit further:

  • Sale or negotiation: If a customer signed up just to “hear more,” but hasn’t purchased or entered a sales discussion, soft opt-in won’t apply. You’ll need full opt-in consent there.
  • Similar products: You can only send marketing emails about goods or services that are similar to what the customer bought (for example, if they bought a pair of trainers, promotions for new shoes or sports gear are usually fine - but not for unrelated services like insurance).
  • Opt-out must be prominent and easy: You’re required to explain, at sign-up and in each message, that the customer can opt out at any time. This must be a simple, no-hassle process - a visible “unsubscribe” link in your emails is essential.

Real-World Examples Of Soft Opt-In (And When It Doesn’t Apply)

Let’s ground this with a few scenarios.

  • Valid soft opt-in: Jess buys a camera from your online photography store. During checkout, you collect her email. You send her a receipt and, later, info about new camera lenses and accessories. At every stage, you include a clear opt-out link. You’re covered by the soft opt-in.
  • Invalid (no prior sale): Joe enters his email to download your free PDF guide, but never buys or negotiates for your services. If you send him marketing emails, you need standard opt-in consent - you can’t rely on soft opt-in.
  • Invalid (unsolicited third party): You buy a list of email addresses and send marketing messages to people who have never interacted with your brand. Soft opt-in never applies to bought-in lists or cold contacts.
  • Invalid (unrelated product): Sam books a dog grooming with you. You later send him emails about a new line of kitchen gadgets. These products aren’t similar enough, so this email does not fall under soft opt-in.
  • Charity and non-commercial: PECR’s soft opt-in only applies to commercial promotions (your own goods/services). It doesn’t cover charity fundraising, third-party ads, or non-profit events.

If you’re in doubt about the relationship or what’s “similar” enough, it’s always safer to get full opt-in consent before sending marketing emails.

Compliance Checklist: Getting Soft Opt-In Right

Complying properly with soft opt-in isn’t difficult, but you do need to get the details right. Here’s a checklist to keep your marketing soft and legal in the UK:

  • Collect contact details directly from the customer during a purchase or negotiating a sale or service.
  • Limit email marketing to the same line of products or services as those the customer interacted with.
  • Provide a clear, easy opt-out mechanism both at first data collection and in every email you send.
  • Don’t use soft opt-in for purchased or sourced email lists.
  • Don’t send unrelated offers or promote partner/third-party goods under soft opt-in.
  • Document and store proof that you offered opt-out and complied with the rules in all campaigns.
  • Review your privacy policy and data collection notices so they match your real-world practices. (Check out our guide to Privacy Policies and get expert help if needed.)
  • Honor all opt-out requests promptly and completely.

Smart businesses also make sure all team members responsible for email marketing understand these rules. If you run an online shop or marketplace, make sure your terms and conditions are up to scratch too.

What Do Businesses Most Often Get Wrong With Soft Opt-In?

Mistakes with soft opt-in typically fall into a few common traps:

  • No real customer relationship: Sending sales emails to people who haven’t purchased or negotiated a sale/service is not allowed under soft opt-in.
  • Forgetting the opt-out at the first interaction: If you don’t provide a simple opt-out when collecting an email, your later marketing emails aren’t covered by the exemption, even if the customer buys something.
  • Bundling consent without clarity: Hiding opt-out in terms and conditions, or using confusing language, won’t suffice. Opt-out must be clear, prominent and practical.
  • Getting over-enthusiastic with “similar products”: Soft opt-in doesn’t let you promote everything your business does. Be conservative: if in doubt, don’t market it under this exemption.
  • Continuing marketing after an opt-out: If a customer unsubscribes, continuing to email them not only breaches PECR but also risks fines and reputational harm. Always respect opt-out requests immediately.
  • Mixing in third-party offers: Don’t use soft opt-in to push unrelated brands, charities, or business partners.

Many businesses run into trouble by misunderstanding these boundaries. To learn about other common small business legal mistakes, check out our practical guide.

What Are the Risks of Non-Compliance?

If your business slips up with soft opt-in, the risks can be serious. The Information Commissioner’s Office (ICO) can investigate complaints - and has the authority to issue fines for breaches of PECR or UK GDPR.

  • Fines & enforcement: PECR breaches can result in substantial financial penalties - sometimes thousands or even millions of pounds for larger operations.
  • Reputational risks: Consumers are increasingly privacy-aware. Recurring complaints, negative press, or annoyed customers can damage your brand’s credibility.
  • Loss of trust: Mishandling marketing consent can lead to customers unsubscribing en masse, or even avoiding your business in future.
  • Legal disputes: Persistent breaches could trigger legal action from aggrieved individuals or industry watchdogs.

Staying on the right side of email marketing law protects both your business and your customer relationships from day one.

Practical Tips For Using Soft Opt-In Responsibly

Making the most of the soft opt-in approach requires more than technical compliance. Here are a few practical, customer-friendly tips:

  • Be transparent about your practices - explain why you’re emailing, and reference your privacy information in all messages.
  • Include an “unsubscribe” link that actually works - every time. Don’t make people jump through hoops to opt out.
  • Be conservative about what qualifies as a “similar product or service.” If your business has multiple lines, segment lists accordingly.
  • Educate your marketing team about when soft opt-in does and does not apply. When in doubt, secure full, explicit consent just in case.
  • Regularly audit your email marketing compliance. Document your practices and update them when laws or guidance change (for example, if you expand across the EU in the future, check how rules differ).
  • Update your privacy notices to reflect your actual email marketing practices. If you need help with compliant terms and conditions or privacy documents, speak with a legal expert.
  • Look after your list. Honor all email unsubscribe requests quickly, and remove non-customers from your “soft opt-in” list. This reduces your risk of complaints.

Marketing and data protection regulations aren’t always black-and-white. If you’re unsure if a particular campaign qualifies for soft opt-in, or you’re wondering whether your messages are “similar enough” in nature, it’s wise to get expert advice before hitting send.

  • Expanding to new products? Don’t assume soft opt-in applies. Seek guidance first.
  • Using a new email list or software? Make sure your privacy collection notices and opt-out processes are up to date.
  • Onboarding new staff? Ensure team members understand PECR and the UK GDPR basics. We recommend a short induction or staff policy, which we can help you prepare (get started here).
  • Concerned about PECR or GDPR fines? Talk to a data privacy lawyer who can review your practices and suggest low-risk improvements.

Remember, it’s easier (and cheaper) to set things up properly than to deal with a breach after the fact.

Soft opt-in deals with who you can contact and under what circumstances - but it’s only one piece of the UK email marketing puzzle. Make sure you also:

  • Comply with GDPR and data protection rules on how you store and process customer information
  • Have the right website terms and policies
  • Respond quickly to any requests for access to or deletion of customer data (“subject access requests”)
  • Send only relevant, honest communications - avoid misleading claims which also breach consumer law
  • Treat all marketing data & campaign records as confidential business information

If you’re not sure what legal documents you need, you can refer to our deeper list of essential business legal documents for digital marketing and ecommerce.

Key Takeaways

  • The soft opt-in is a legal exemption allowing marketing emails to existing UK customers - but only under strict conditions.
  • It requires you to collect email addresses during a sale or serious negotiation, to market only your own similar products/services, and to give a clear, simple opt-out every time.
  • Soft opt-in never covers cold contacts or purchased lists, unrelated products, or third-party offers.
  • Non-compliance can result in hefty fines, lost reputation, and legal disputes - so it’s crucial to get it right.
  • Best practice is to be conservative, transparent, and document your compliance at every step.
  • If there’s ever any doubt, getting expert legal advice is the safest way to protect your business and your brand.

For more practical legal help with your marketing, privacy compliance or small business legals, you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat. Let’s make sure your marketing strategy is both effective and legally secure from day one!

Alex Solo
Alex Solo

Alex is Sprintlaw's co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.

Need legal help?

Get in touch with our team

Tell us what you need and we'll come back with a fixed-fee quote - no obligation, no surprises.

Keep reading

Related Articles

Influencer Agreements "What Are They" (2026 Updated)

Influencer Agreements "What Are They" (2026 Updated)

Influencer marketing isn't just for huge brands anymore. If you're a small business owner, you can build real momentum (and real sales) by partnering with creators who already have your ideal customers?...

1 May 2026
Read more
Unsolicited Emails In The UK: What Businesses Can Send And Stay Compliant

Unsolicited Emails In The UK: What Businesses Can Send And Stay Compliant

If you run a small business, email marketing can feel like the obvious way to grow. It’s fast, cost-effective, and (when done well) genuinely helpful for customers. But there’s a big catch:...

27 Apr 2026
Read more
How To Protect Your Business Name With UK Trademarks In Local Listings

How To Protect Your Business Name With UK Trademarks In Local Listings

If you’ve ever Googled your business and found a map result, a directory profile or a “knowledge panel” showing your opening hours, phone number and reviews, you’ve already seen how powerful local...

27 Apr 2026
Read more
How To Set Up An Agency In The UK: Legal Steps, Contracts And Compliance

How To Set Up An Agency In The UK: Legal Steps, Contracts And Compliance

Setting up an agency can be an exciting way to build a scalable business - whether you’re launching a marketing agency, recruitment agency, creative studio, PR consultancy, digital product agency, or a...

23 Apr 2026
Read more
UK Cookie Policy Requirements for GDPR Compliance: What to Include

UK Cookie Policy Requirements for GDPR Compliance: What to Include

If your business has a website (or app), chances are you’re using cookies or similar tracking technologies - even if it’s “just” for analytics or basic functionality. And while cookies can be...

21 Apr 2026
Read more
Copyright Infringement In the UK: How To Avoid Violations And Protect Your Work

Copyright Infringement In the UK: How To Avoid Violations And Protect Your Work

If you run a small business, you’re probably creating content and materials every day - product photos, website copy, social posts, packaging designs, training manuals, proposals, and more. The tricky part is...

21 Apr 2026
Read more
Need support?

Need help with your business legals?

Speak with Sprintlaw to get practical legal support and fixed-fee options tailored to your business.

Get StartedBook A Call