
> no, only larger orgs handling lots of personal data need this.

I can't find any exemption for small companies in Article 37 of the GDPR. Can you give me a hint as to which part you interpret this way?



https://gdpr-info.eu/recitals/no-13/

> To take account of the specific situation of micro, small and medium-sized enterprises, this Regulation includes a derogation for organisations with fewer than 250 employees with regard to record-keeping. In addition, the Union institutions and bodies, and Member States and their supervisory authorities, are encouraged to take account of the specific needs of micro, small and medium-sized enterprises in the application of this Regulation. The notion of micro, small and medium-sized enterprises should draw from Article 2 of the Annex to Commission Recommendation 2003/361/EC.


Section 1 only requires a DPO when you are operating at "large scale".


Article 1 (c): the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 or ....

What makes you believe that the "large scale" refers to the size of the organisation and not to the amount of processed data?



