The post explicitly mentions a clause that will make that distinction. The author argues it might be removed from the final text as part of the ongoing horse-trading, but at least it’s clear MEPs do understand the difference nowadays.
It would be insane to implement privacy and data regulations differently for smaller companies. You would end up with startups having free reign to abuse peoples privacy in order to gain market dominance against their larger competitors who don't have this advantage, and you'd have larger companies near the threshold arguing about and doing everything in their power to stay under their threshold so they can avoid doing things like allowing people to delete their profiles or downloading their data to transfer to a competitor. Smaller or less important leaks would be brushed up under the rug because 'Well, at least they're not BA', nothing good would come of it. If the law is unduly harsh on smaller companies that's due to the realities of dealing with people's personal information in a secure manner, not because the legislators decided to put people before corporations.
