The Govt. has released Justice BN Srikrishna Committee Report on Data Protection and Draft Personal Data Protection Bill, 2018.

• Jurisdiction over personal data i.e. used, shared, disclosed, collected, or otherwise, processed in India.
• No retrospective application, and coming in force in a structured and phased manner.
• Cover processing of personal data used by both public and private companies incorporated under Indian Law, irrespective of the data being processed in India, or not.
• Sensitive personal data will include passwords, financial, health data, etc.
• Data Protection Authority of India (DPA) will be set up for the effective implementation and enforcement.
• The consent from individuals should be free, informed, specific, clear and capable of being withdrawn. They will have the right to access their data, make corrections, and also restrict its usage.
• Stiff penalties for violating the law.
• Identified 50 statutes and regulations, which potentially overlap the proposed law. It has also suggested amendments to the Aadhar Act.

For more: http://meity.gov.in/writereaddata/files/Personal_Data_Protection_Bill%2C2018_0.pdf