Consent is not a new concept and has been a core part of data protection & privacy laws for decades. However the GDPR raises the bar considerably on 'conditions for processing' personal data.
Simply put, 'consent' means obtaining clear permission to hold and process a person's data for a specific use. Although it is already required, practices such as 'opt out' have become common-place, e.g. pre-ticked checkboxes to receive marketing material, making it more of an assumption of consent rather than explicit permission. The GDPR is far more explicit about what constitutes consent and aims to entirely remove this kind of deception.