Though the GDPR is more of an evolution than a revolution of existing EU rules, it nonetheless includes some substantial changes to what came before. Among other things, the new regulation:
Grants individuals some new rights (e.g. the right to move your own data from one company or service to another, and the right to request a copy of the data a company or organisation holds on you); and requires companies and organisations to be more transparent (e.g. they need to inform you where the data they are processing comes from, and for what purposes it is being processed; they need to inform you if you are being profiled).
Makes it easier to more effectively enforce the law (e.g. through fining companies or organisation, or allowing individuals to go directly to court in the case of a violation).
Simplifies the rules by applying the exact same law to all EU countries, but offers more flexibility in how businesses actually comply with the law.