Commercial bug bounty companies like Hackerone and Bugcrowd will suffer the most from the crisis for sure. Even more then pentesters. When there are such cool sites like Openbugbounty, all they have to do with their abnormal pricing is to organize their own funerals.

It gives a good CMS/JS security overview (much better compared to other services I previously used), scans for cookies and HTTP/S headers, locates privacy policy and bunch of other non-intrusive checks. Subdomain discovery is awesome. Full GDPR compliance (e.g. legal + human + physical) obviously requires many days of manwork and will likely cost a bunch of money =)