A CDO is a very critical role in an organization. Years ago I performed an access control audit and made a recommendation to consider implementing data categorization (classification) based on assigning data ownership and grant access on business justification (need to know basis). It took the organization some time to get the right person (SVP level). But after about three years, the company implement a sound process and incorporated it into their data retention policy and aligned with their life cycle process. That company never had a data breach (that I know of), it was a well run company and I believe still does.
The role per say should report and complement the CIO in work responsibilities but many organizations fail to draw a clear line and hence it it blurred or brings in tension between the 2 roles. The CDO’s job is to experiment with new business tools and develop skills across the workforce and help the CIO in the company's vision and strengthen their IT and Cybersecurity Strategy. If used properly CDO can complement and load share the CIO or become a hindrance when not positioned correctly.